CVE-2024-47600Out-of-bounds Read in Gstreamer

CWE-125Out-of-bounds Read7 documents5 sources
Severity
5.1MEDIUMNVD
OSV8.8
EPSS
0.2%
top 61.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GstreamerDebian Gst-plugins-base1.0
Timeline
PublishedDec 12
Latest updateOct 7

Description

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-rea

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDgstreamer/gstreamer< 1.24.10
debiandebian/gst-plugins-base1.0< gst-plugins-base1.0 1.22.0-3+deb12u3 (bookworm)

Patches

Patch: gitlab.freedesktop.org

🔴Vulnerability Details

2
OSV
gst-plugins-base1.0 vulnerabilities2025-10-07
OSV
CVE-2024-47600: GStreamer is a library for constructing graphs of media-handling components2024-12-12

📋Vendor Advisories

4
Ubuntu
GStreamer Base Plugins vulnerabilities2025-10-07
Ubuntu
GStreamer Base Plugins vulnerabilities2024-12-18
Red Hat
gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask2024-12-11
Debian
CVE-2024-47600: gst-plugins-base1.0 - GStreamer is a library for constructing graphs of media-handling components. An ...2024