Security Advisory 2024-0026 (GHSL-2024-117, CVE-2024-47615)
Summary | Out-of-bounds write in Ogg demuxer
Date | 2024-12-03 20:00
Affected Versions | GStreamer gst-plugins-base < 1.24.10
IDs | GStreamer-SA-2024-0026, GHSL-2024-117, CVE-2024-47615
Details
An out-of-bounds write in the Ogg demuxer that can cause crashes for certain input files.
Impact
It is possible for a malicious third party to trigger out-of-bounds writes that
can result in a crash of the application, or potentially also allow
code execution through heap manipulation.
Solution
The gst-plugins-base 1.24.10 release addresses the issue. People using older
branches of GStreamer should apply the patch and recompile.
References
The GStreamer project
CVE Database Entries
GStreamer releases
1.24 (current stable)
Patches