AZL-62342

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62342.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-62342

Upstream

CVE-2024-47775

Published

2024-12-12T02:03:40Z

Modified

2026-04-01T05:20:03.176879Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

CVE-2024-47775 affecting package gstreamer1 1.20.0-2

Details

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parseds64 function within gstwavparse.c. The parseds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GSTREADUINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47775

Affected packages

Azure Linux:3 / gstreamer1

Package

Name: gstreamer1
Purl: pkg:rpm/azure-linux/gstreamer1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.20.0-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62342.json"