AZL-62345

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62345.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-62345

Upstream

CVE-2024-47598

Published

2024-12-12T02:03:31Z

Modified

2026-04-01T05:20:03.491029Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

CVE-2024-47598 affecting package gstreamer1 1.20.0-2

Details

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemuxmergesampletable function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading sttsduration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47598

Affected packages

Azure Linux:3 / gstreamer1

Package

Name: gstreamer1
Purl: pkg:rpm/azure-linux/gstreamer1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.20.0-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62345.json"