CVE-2024-47539

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47539

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

G

Streamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.

References
Link Resource
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch Patch
https://gstreamer.freedesktop.org/security/sa-2024-0007.html Release Notes
https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html
Configurations

Configuration 1 (hide)

cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*
History

03 Nov 2025, 21:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html -

18 Dec 2024, 21:52

Type Values Removed Values Added
First Time Gstreamer Project
Gstreamer Project gstreamer
References () https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch - () https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch - Patch
References () https://gstreamer.freedesktop.org/security/sa-2024-0007.html - () https://gstreamer.freedesktop.org/security/sa-2024-0007.html - Release Notes
References () https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/ - () https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/ - Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*

12 Dec 2024, 02:03

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-12 02:03

Updated : 2025-11-03 21:16

NVD link : CVE-2024-47539

Mitre link : CVE-2024-47539

CVE.ORG link : CVE-2024-47539

JSON object : View

Products Affected

gstreamer_project

CWE
CWE-787

Out-of-bounds Write