vulnerability

Gentoo Linux: CVE-2024-47776: GStreamer, GStreamer Plugins: Multiple Vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:N/A:C)	Dec 12, 2024	Jun 13, 2025	Mar 31, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:C)

Published

Dec 12, 2024

Added

Jun 13, 2025

Modified

Mar 31, 2026

Description

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.

Solutions

gentoo-linux-upgrade-media-libs-gst-plugins-basegentoo-linux-upgrade-media-libs-gstreamer

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report