CVE-2024-47600

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch	Patch
https://gstreamer.freedesktop.org/security/sa-2024-0018.html	Release Notes
https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*

History

03 Nov 2025, 23:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html -

Information

Published : 2024-12-12 02:03

Updated : 2025-11-03 23:16

NVD link : CVE-2024-47600

Mitre link : CVE-2024-47600

CVE.ORG link : CVE-2024-47600

JSON object : View

Products Affected

gstreamer_project

gstreamer

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2024-47600", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-12-12T02:03:31.577", "references": [{"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10."}, {"lang": "es", "value": "GStreamer es una librer\u00eda para construir gr\u00e1ficos de componentes de manejo de medios. Se ha detectado una vulnerabilidad de lectura OOB en la funci\u00f3n format_channel_mask en gst-discoverer.c. La vulnerabilidad afecta a la posici\u00f3n de la matriz local, que se define con un tama\u00f1o fijo de 64 elementos. Sin embargo, la funci\u00f3n gst_discoverer_audio_info_get_channels puede devolver un valor de canales guint mayor que 64. Esto hace que el bucle for intente acceder m\u00e1s all\u00e1 de los l\u00edmites de la matriz de posici\u00f3n, lo que da como resultado una lectura OOB cuando se utiliza un \u00edndice mayor que 63. Esta vulnerabilidad puede dar como resultado la lectura de bytes no deseados de la pila. Adem\u00e1s, la desreferencia de value->value_nick despu\u00e9s de la lectura OOB puede provocar una mayor corrupci\u00f3n de la memoria o un comportamiento indefinido. Esta vulnerabilidad se corrigi\u00f3 en 1.24.10."}], "lastModified": "2025-11-03T23:16:13.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0", "versionEndExcluding": "1.24.10"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}