NVD Vulnerability Details: CVE-2024-47600
Modified
Source: security-advisories@github.com
Published At: 12 Dec, 2024 | 02:03
Updated At: 17 Mar, 2026 | 15:52

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
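
A small C model of the bug class described above, added here as an illustration. It is not GStreamer's code or its patch, and every name in it (MAX_POSITIONS, NICKS, fill_positions, format_unchecked, format_checked) is hypothetical; it shows the unchecked loop beside one way to bound it.

```c
#include <stdio.h>
#include <string.h>
#define MAX_POSITIONS 64   /* fixed size of the local array in the advisory */
#define N_NICKS 3          /* size of the constructed nickname table */
static const char *const NICKS[N_NICKS] = { "fl", "fr", "lfe" };

/* Constructed stand-in for whatever fills the array: writes at most 64 slots. */
static void fill_positions(int *position, unsigned channels)
{
    for (unsigned i = 0; i < MAX_POSITIONS; i++)
        position[i] = i < channels ? (int)(i % N_NICKS) : -1;
}

/* Append a comma-separated nick if it fits; returns 1 on success, else 0. */
static int append(char *out, size_t outlen, const char *nick)
{
    size_t used = strlen(out);
    if (used + strlen(nick) + 2 > outlen) return 0;
    snprintf(out + used, outlen - used, "%s%s", used ? "," : "", nick);
    return 1;
}

/* Vulnerable shape, for comparison: the loop bound is the reported channel
 * count, so channels > 64 reads position[64..] off the stack and uses the
 * result as a table index. Defined behaviour only while channels <= 64. */
int format_unchecked(unsigned channels, char *out, size_t outlen)
{
    int position[MAX_POSITIONS], n = 0;
    fill_positions(position, channels);
    out[0] = '\0';
    for (unsigned i = 0; i < channels; i++)
        n += append(out, outlen, NICKS[position[i]]);
    return n;
}

/* Hardened shape: reject counts the array cannot hold, and validate each
 * index before the table lookup. Returns -1 on an out-of-range count. */
int format_checked(unsigned channels, char *out, size_t outlen)
{
    int position[MAX_POSITIONS], n = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    if (channels > MAX_POSITIONS) return -1;
    fill_positions(position, channels);
    for (unsigned i = 0; i < channels; i++)
        if (position[i] >= 0 && position[i] < N_NICKS)
            n += append(out, outlen, NICKS[position[i]]);
    return n;
}
```
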

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CPE Matches

gstreamer > gstreamer: versions before 1.24.10 (exclusive)
cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-125
Type: Secondary
Source: security-advisories@github.com
References
Hyperlink: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch
Source: security-advisories@github.com
Resource: Patch

Hyperlink: https://gstreamer.freedesktop.org/security/sa-2024-0018.html
Source: security-advisories@github.com
Resource: Release Notes

Hyperlink: https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/
Source: security-advisories@github.com
Resource: Third Party Advisory

Hyperlink: https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0 changes found