vulnerability

Alma Linux: CVE-2024-47615: Important: gstreamer1-plugins-base security update (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Dec 12, 2024	Dec 19, 2024	Mar 31, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Dec 12, 2024

Added

Dec 19, 2024

Modified

Mar 31, 2026

Description

GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.

Solutions

alma-upgrade-gstreamer1-plugins-basealma-upgrade-gstreamer1-plugins-base-develalma-upgrade-gstreamer1-plugins-base-tools

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report