CVE-2024-47598

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47598
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47598.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47598
Published
2024-12-11T19:02:32Z
Modified
2025-10-14T14:34:34Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
GHSL-2024-246: GStreamer has an OOB-read in qtdemux_merge_sample_table
Details

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10.

Affected packages

Git /

Affected ranges

Database specific

{
    "unresolved_versions": [
        {
            "events": [
                {
                    "introduced": "0"
                },
                {
                    "fixed": "1.24.10"
                }
            ],
            "type": ""
        }
    ]
}