GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gstwavparseadtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-125"
],
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"fixed": "1.24.10"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47778.json"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.24.10"
}
],
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
}