CVE-2024-47546

12.12.2024, 02:03

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10.

Wrap or Wraparound

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GitHub_M	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Vendor	Product	Version
gstreamer_project	gstreamer	𝑥 < 1.24.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

gst-plugins-good1.0

bullseye	vulnerable
bullseye (security)	1.18.4-2+deb11u3 fixed
bookworm	1.22.0-5+deb12u2 fixed
bookworm (security)	1.22.0-5+deb12u2 fixed
sid	1.26.1-1 fixed
trixie	1.26.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

gst-plugins-good0.10

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	dne
xenial	needs-triage

gst-plugins-good1.0

plucky	not-affected
oracular	Fixed 1.24.8-1ubuntu1.1 released
noble	Fixed 1.24.2-1ubuntu1.1 released
jammy	Fixed 1.20.3-0ubuntu1.3 released
focal	Fixed 1.16.3-0ubuntu1.3 released
bionic	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-191 - Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch

https://gstreamer.freedesktop.org/security/sa-2024-0013.html

https://securitylab.github.com/advisories/GHSL-2024-243_Gstreamer/