CVE-2024-47539

EUVD-2024-42799

12.12.2024, 02:03

GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Affected Products (NVD)

Vendor	Product	Version
gstreamer	gstreamer	𝑥 < 1.24.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

gst-plugins-good1.0

bookworm	1.22.0-5+deb12u3 fixed
bookworm (security)	1.22.0-5+deb12u2 fixed
bullseye	vulnerable
bullseye (security)	1.18.4-2+deb11u4 fixed
forky	1.26.9-1 fixed
sid	1.26.10-1 fixed
trixie	1.26.2-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

gst-plugins-good0.10

focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
xenial	needs-triage

gst-plugins-good1.0

bionic	needs-triage
focal	Fixed 1.16.3-0ubuntu1.3 released
jammy	Fixed 1.20.3-0ubuntu1.3 released
noble	Fixed 1.24.2-1ubuntu1.1 released
oracular	Fixed 1.24.8-1ubuntu1.1 released
plucky	not-affected
questing	not-affected
xenial	needs-triage

openSUSE / SLES Releases

openSUSE Product

Release

gstreamer-plugins-good

suse enterprise desktop 15 SP6	1.24.0-150600.3.3.1 fixed
suse enterprise desktop 15 SP7	1.24.0-150600.3.3.1 fixed
suse enterprise sap 15 SP6	1.24.0-150600.3.3.1 fixed
suse enterprise sap 15 SP7	1.24.0-150600.3.3.1 fixed
suse enterprise server 15 SP2	1.16.3-150200.3.17.1 fixed
suse enterprise server 15 SP3	1.16.3-150200.3.17.1 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.9.1 fixed
suse enterprise server 15 SP5	1.22.0-150500.4.6.1 fixed
suse enterprise server 15 SP6	1.24.0-150600.3.3.1 fixed
suse enterprise server 15 SP7	1.24.0-150600.3.3.1 fixed

gstreamer-plugins-good-lang

suse enterprise desktop 15 SP6	1.24.0-150600.3.3.1 fixed
suse enterprise desktop 15 SP7	1.24.0-150600.3.3.1 fixed
suse enterprise sap 15 SP6	1.24.0-150600.3.3.1 fixed
suse enterprise sap 15 SP7	1.24.0-150600.3.3.1 fixed
suse enterprise server 15 SP2	1.16.3-150200.3.17.1 fixed
suse enterprise server 15 SP3	1.16.3-150200.3.17.1 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.9.1 fixed
suse enterprise server 15 SP5	1.22.0-150500.4.6.1 fixed
suse enterprise server 15 SP6	1.24.0-150600.3.3.1 fixed
suse enterprise server 15 SP7	1.24.0-150600.3.3.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

gstreamer1-plugins-good

RHEL 8	0:1.16.1-5.el8_10 fixed
RHEL 8.2 AUS	0:1.16.1-2.el8_2 fixed
RHEL 8.4 AUS	0:1.16.1-3.el8_4 fixed
RHEL 8.4 E4S	0:1.16.1-3.el8_4 fixed
RHEL 8.4 TUS	0:1.16.1-3.el8_4 fixed
RHEL 8.6 AUS	0:1.16.1-3.el8_6 fixed
RHEL 8.6 E4S	0:1.16.1-3.el8_6 fixed
RHEL 8.6 TUS	0:1.16.1-3.el8_6 fixed
RHEL 8.8 AUS	0:1.16.1-4.el8_8 fixed
RHEL 8.8 E4S	0:1.16.1-4.el8_8 fixed
RHEL 8.8 EUS	0:1.16.1-4.el8_8 fixed
RHEL 8.8 TUS	0:1.16.1-4.el8_8 fixed
RHEL 9	0:1.22.1-3.el9_5 fixed

gstreamer1-plugins-good-gtk

RHEL 8	0:1.16.1-5.el8_10 fixed
RHEL 8.2 AUS	0:1.16.1-2.el8_2 fixed
RHEL 8.4 AUS	0:1.16.1-3.el8_4 fixed
RHEL 8.4 E4S	0:1.16.1-3.el8_4 fixed
RHEL 8.4 TUS	0:1.16.1-3.el8_4 fixed
RHEL 8.6 AUS	0:1.16.1-3.el8_6 fixed
RHEL 8.6 E4S	0:1.16.1-3.el8_6 fixed
RHEL 8.6 TUS	0:1.16.1-3.el8_6 fixed
RHEL 8.8 AUS	0:1.16.1-4.el8_8 fixed
RHEL 8.8 E4S	0:1.16.1-4.el8_8 fixed
RHEL 8.8 EUS	0:1.16.1-4.el8_8 fixed
RHEL 8.8 TUS	0:1.16.1-4.el8_8 fixed
RHEL 9	0:1.22.1-3.el9_5 fixed

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch

https://gstreamer.freedesktop.org/security/sa-2024-0007.html

https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/

https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html