BIT-java-min-2024-47596
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/java-min/BIT-java-min-2024-47596.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-java-min-2024-47596
- Aliases
- Published
- 2026-05-06T14:45:00.683Z
- Modified
- 2026-05-08T07:56:26.260408241Z
- Summary
- GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing
- Details
-
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemuxparsesvq3stsddata function within qtdemux.c. In the FOURCCSMI case, seqhsize is read from the input file without proper validation. If seqhsize is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gstbufferfill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
- Database specific
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:bellsoft:libericajdk:*:*:*:*:*:*:*:*" ] }- References
-
- https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch
- https://gstreamer.freedesktop.org/security/sa-2024-0015.html
- https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-47596
- https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/
Affected packages
Bitnami / java-min
Package
- Name
- java-min
- Purl
- pkg:bitnami/java-min
Severity
- 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator