vulnerability

Red Hat: CVE-2024-47546: gstreamer1-plugins-good: integer underflow in extract_cc_from_data leading to OOB-read (Multiple Advisories)

Name: Red Hat: CVE-2024-47546: gstreamer1-plugins-good: integer underflow in extract_cc_from_data leading to OOB-read (Multiple Advisories)
Creator: Red Hat
Published: 2024-12-12T00:00:00.000Z
Keywords: CVE, CWE-191, Red Hat, 2024, 47546, gstreamer1, redhat-upgrade-gstreamer1-plugins-good, redhat-upgrade-gstreamer1-plugins-good-debuginfo, redhat-upgrade-gstreamer1-plugins-good-debugsource, redhat-upgrade-gstreamer1-plugins-good-gtk, redhat-upgrade-gstreamer1-plugins-good-gtk-debuginfo, redhat-upgrade-gstreamer1-plugins-good-qt-debuginfo, Severity 5

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:N/A:C)

Published

Dec 12, 2024

Added

May 14, 2025

Modified

Jun 17, 2026

Description

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10.

Solutions

redhat-upgrade-gstreamer1-plugins-goodredhat-upgrade-gstreamer1-plugins-good-debuginforedhat-upgrade-gstreamer1-plugins-good-debugsourceredhat-upgrade-gstreamer1-plugins-good-gtkredhat-upgrade-gstreamer1-plugins-good-gtk-debuginforedhat-upgrade-gstreamer1-plugins-good-qt-debuginfo

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report