GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
Published 2024-12-11 19:13:48
Updated 2024-12-18 19:57:17
Source GitHub, Inc.
View at NVD,   CVE.org

Products affected by CVE-2024-47615

Exploit prediction scoring system (EPSS) score for CVE-2024-47615

0.06%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-47615

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST 2024-12-18
8.6
HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/V...
N/A
N/A
GitHub, Inc. 2024-12-11
8.6
HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/V...
N/A
N/A
GitHub, Inc. 2024-12-12

CWE ids for CVE-2024-47615

  • The product writes data past the end, or before the beginning, of the intended buffer.
    Assigned by:
    • a0819718-46f1-4df5-94e2-005712e83aaa (Primary)
    • security-advisories@github.com (Primary)

References for CVE-2024-47615

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!