CVE-2024-47537

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47537
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47537.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47537
Downstream
Related
Published
2024-12-11T18:51:56Z
Modified
2025-10-14T14:34:54Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
GHSL-2024-094: GStreamer has an OOB-write in isomp4/qtdemux.c
Details

GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->nsamples + samplescount elements of type QtDemuxSample. The problem is that samplescount is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, gtryrenew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samplescount elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_versions

[
    {
        "type": "",
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.24.10"
            }
        ]
    }
]