CVE-2024-47776

Source
https://cve.org/CVERecord?id=CVE-2024-47776
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47776.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47776
Downstream
Related
Published
2024-12-11T19:16:04.573Z
Modified
2026-04-09T10:23:51.085845Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
GHSL-2024-260: GStreamer has an OOB-read in gst_wavparse_cue_chunk
Details

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.
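The size mismatch described above, modelled as an added example (this is not GStreamer's code and not the upstream fix): the comparison is satisfied by the declared chunk size while the buffer holds fewer bytes, and a hardened parser bounds the loop by the bytes actually held. The names declared_check_passes, parse_cues and demo, the sample bytes, and the use of offset 4 within each 24-byte entry as the cue position are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CUE_HDR  4u   /* 32-bit little-endian cue count */
#define CUE_SIZE 24u  /* six 32-bit fields per cue entry */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* The advisory's comparison, evaluated against the declared size only.
 * Returns 1 when the check lets the cue loop run. */
int declared_check_passes(uint32_t size, uint32_t ncues) {
    return !((uint64_t)size < 4 + (uint64_t)ncues * 24);
}

/* Hardened parse: bound by the bytes actually held, not only by `size`.
 * Stores each cue's position field; returns the cue count or -1. */
int parse_cues(const uint8_t *buf, size_t buf_len, uint32_t size,
               uint32_t *pos, size_t cap) {
    size_t avail = size < buf_len ? size : buf_len;
    if (avail < CUE_HDR) return -1;
    uint32_t ncues = rd_le32(buf);
    if (ncues > (avail - CUE_HDR) / CUE_SIZE || ncues > cap)
        return -1;                     /* entries would run past the data */
    for (uint32_t i = 0; i < ncues; i++)
        pos[i] = rd_le32(buf + CUE_HDR + (size_t)i * CUE_SIZE + 4);
    return (int)ncues;
}

/* Constructed sample: a count field plus one 24-byte entry (position 10000). */
static uint8_t sample[28] = { 1,0,0,0,  1,0,0,0,  0x10,0x27,0,0,  'd','a','t','a',
                              0,0,0,0,  0,0,0,0,  0x10,0x27,0,0 };

/* Parse the sample with a chosen count field and declared chunk size.
 * Returns the first cue position, or -1 if rejected or empty. */
long demo(uint8_t ncues, uint32_t size) {
    uint32_t pos[4] = {0};
    sample[0] = ncues;
    int n = parse_cues(sample, sizeof sample, size, pos, 4);
    return n < 1 ? -1 : (long)pos[0];
}

int main(void) {
    printf("declared check, size=52 ncues=2: %d\n", declared_check_passes(52, 2));
    printf("hardened, 2 cues claimed, 28 bytes held: %ld\n", demo(2, 52));
    printf("hardened, 1 cue, 28 bytes held: %ld\n", demo(1, 28));
    return 0;
}
```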

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47776.json",
    "cwe_ids": [
        "CWE-125"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/gstreamer/gstreamer

Affected ranges

Type
GIT
Repo
https://github.com/gstreamer/gstreamer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.24.10"
        }
    ]
}

Affected versions

1.*
1.0.0
1.0.1
1.0.2
1.1.1
1.1.2
1.1.3
1.1.4
1.1.90
1.10.0
1.11.0
1.11.1
1.11.2
1.11.90
1.11.91
1.12.0
1.13.1
1.13.90
1.13.91
1.14.0
1.15.1
1.15.2
1.15.90
1.16.0
1.17.1
1.17.2
1.17.90
1.18.0
1.19.1
1.19.2
1.19.3
1.19.90
1.2.0
1.20.0
1.21.1
1.21.2
1.21.3
1.21.90
1.22.0
1.23.1
1.23.2
1.23.90
1.24.0
1.24.1
1.24.2
1.24.3
1.24.4
1.24.5
1.24.6
1.24.7
1.24.8
1.24.9
1.3.1
1.3.2
1.3.3
1.3.90
1.3.91
1.4.0
1.5.1
1.5.2
1.5.90
1.5.91
1.6.0
1.7.1
1.7.2
1.7.90
1.7.91
1.8.0
1.9.1
1.9.2
1.9.90
Other
BEFORE_INDENT
BRANCH-AUTOPLUG2-ROOT
BRANCH-BUILD1-200112061-ROOT
BRANCH-BUILD1-200112101-ROOT
BRANCH-BUILD1-20011216-FREEZE
BRANCH-BUILD1-ROOT
BRANCH-CAPSNEGO1-ROOT
BRANCH-ERROR-ROOT
BRANCH-EVENTS1-200110161-ROOT
BRANCH-EVENTS1-ROOT
BRANCH-EVENTS2-ROOT
BRANCH-GOBJECT1-200106241-ROOT
BRANCH-GOBJECT1-ROOT
BRANCH-GSTREAMER-0_6-ROOT
BRANCH-GSTREAMER-0_8-ROOT
BRANCH-INCSCHED1-200104161-ROOT
BRANCH-INCSCHED1-200104251-ROOT
BRANCH-INCSCHED1-200105231-ROOT
BRANCH-INCSCHED1-200105251-ROOT
BRANCH-INCSCHED1-ROOT
BRANCH-PLUGINVER1-20010422-ROOT
BRANCH-PLUGINVER1-ROOT
BRANCH-RELEASE-0_3_3-ROOT
BRANCH-RELEASE-0_3_4-ROOT
BRANCH-RELEASE-0_4_0-ROOT
BRANCH-RELEASE-0_4_1-ROOT
BRANCH-RELEASE-0_4_2-ROOT
BRANCH-RELEASE-0_5_0-ROOT
BRANCH-RELEASE-0_5_1-ROOT
BRANCH-RELEASE-0_5_2-ROOT
BRANCH-RELEASE-0_7_2-ROOT
BRANCH-RELEASE-0_7_4-ROOT
BRANCH-RELEASE-0_7_5-ROOT
CAPS-MERGE-1
CAPS-MERGE-2
CAPS-MERGE-3
CAPS-ROOT
CHANGELOG_START
DEBIAN-0_3_1-1
EVENTS1-200110161-FREEZE
GIT_CONVERSION
GOBJECT1-200106241
GOBJECT1-200106241-FREEZE
HEAD-20010306-PRE_AUTOPLUG2
HEAD-20010312-PRE_CAPSNEGO1
INCSCHED1-200105251
INCSCHED1-200105251-FREEZE
MOVE-TO-FDO
OSLOSUMMIT1-200303051
PLUGINVER1-20010422
PLUGINVER1-20010422-FREEZE
RELEASE-0_10_0
RELEASE-0_10_1
RELEASE-0_10_10
RELEASE-0_10_11
RELEASE-0_10_12
RELEASE-0_10_13
RELEASE-0_10_14
RELEASE-0_10_15
RELEASE-0_10_16
RELEASE-0_10_17
RELEASE-0_10_18
RELEASE-0_10_2
RELEASE-0_10_20
RELEASE-0_10_21
RELEASE-0_10_22
RELEASE-0_10_3
RELEASE-0_10_4
RELEASE-0_10_5
RELEASE-0_10_6
RELEASE-0_10_7
RELEASE-0_10_8
RELEASE-0_10_9
RELEASE-0_1_0-SLIPSTREAM
RELEASE-0_1_1-DUCTTAPE
RELEASE-0_2_0-CRITICALMASS
RELEASE-0_2_1-SEDIMASTER
RELEASE-0_2_1-UNKN
RELEASE-0_3_0-EVENTFUL
RELEASE-0_3_1-BELGIANBEER
RELEASE-0_3_2-DOBDAY
RELEASE-0_7_1
RELEASE-0_7_2
RELEASE-0_7_3
RELEASE-0_7_6
RELEASE-0_8_0
RELEASE-0_8_1
RELEASE-0_8_2
RELEASE-0_8_3
RELEASE-0_8_4
RELEASE-0_8_6
RELEASE-0_8_7
RELEASE-0_8_8
RELEASE-0_8_9
RELEASE-0_9_2
RELEASE-0_9_3
RELEASE-0_9_4
RELEASE-0_9_5
RELEASE-0_9_6
RELEASE-0_9_7
TYPEFIND-ROOT
monorepo-start
start
RELEASE-0.*
RELEASE-0.10.23
RELEASE-0.10.24
RELEASE-0.10.25
RELEASE-0.10.26
RELEASE-0.10.27
RELEASE-0.10.28
RELEASE-0.10.29
RELEASE-0.10.30
RELEASE-0.10.31
RELEASE-0.11.0
RELEASE-0.11.1
RELEASE-0.11.2
RELEASE-0.11.90
RELEASE-0.11.91
RELEASE-0.11.92
RELEASE-0.11.93
RELEASE-0.11.94
RELEASE-0.11.99

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47776.json"