vulnerability
Red Hat: CVE-2024-47775: gstreamer1-plugins-good: OOB-read in parse_ds64 (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:L/AC:L/Au:N/C:N/I:P/A:P) | Dec 12, 2024 | May 14, 2025 | May 14, 2025 |
Description
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.
Solution(s)
References

Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.