CVE-2024-47775 MEDIUM

CVE-2024-47775: GHSL-2024-261: GStreamer has an OOB-read in parse_ds64

Vendor Gstreamer
Product gstreamer
Weakness CWE-125
Published December 11, 2024
Last update November 3, 2025

CVSS base score

5.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.

Key dates

02Disclosure timeline

December 11, 2024 CVE published
November 3, 2025 Record updated

Related vulnerabilities

04Related CVE