CVE-2024-47546 GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read

🗓️ 11 Dec 2024 19:01:05Reported by GitHub_MType

GStreamer vulnerability fixes integer underflow in extract_cc_from_data, resolving out-of-bounds read.

Reporter	Title	Published	Views	Family All 112
FreeBSD	gstreamer1-plugins-good -- multiple vulnerabilities	3 Dec 202400:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : gstreamer1-plugins-good (ALAS-2025-2964)	19 Aug 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : gstreamer1-plugins-good (ALSA-2025:7242)	3 Jul 202500:00	–	nessus
Tenable Nessus	Debian dla-4071 : gstreamer1.0-gtk3 - security update	28 Feb 202500:00	–	nessus
Tenable Nessus	Debian dsa-5838 : gstreamer1.0-gtk3 - security update	29 Dec 202400:00	–	nessus
Tenable Nessus	FreeBSD : gstreamer1-plugins-good -- multiple vulnerabilities (750ab972-b3e8-11ef-b680-4ccc6adda413)	7 Dec 202400:00	–	nessus
Tenable Nessus	GLSA-202506-02 : GStreamer, GStreamer Plugins: Multiple Vulnerabilities	25 Jun 202500:00	–	nessus
Tenable Nessus	MiracleLinux 9 : gstreamer1-plugins-good-1.22.12-4.el9 (AXSA:2025-10303:01)	13 Jan 202600:00	–	nessus
Tenable Nessus	NewStart CGSL MAIN 7.02 : gstreamer1-plugins-good Multiple Vulnerabilities (NS-SA-2025-0076)	9 Jun 202500:00	–	nessus
Tenable Nessus	NewStart CGSL MAIN 7.02 : gstreamer1-plugins-good Multiple Vulnerabilities (NS-SA-2025-0174)	25 Jul 202500:00	–	nessus

[
  {
    "vendor": "gstreamer",
    "product": "gstreamer",
    "versions": [
      {
        "version": "< 1.24.10",
        "status": "affected"
      }
    ]
  }
]

Source	Link
gitlab	www.gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch
securitylab	www.securitylab.github.com/advisories/GHSL-2024-243_Gstreamer/
gstreamer	www.gstreamer.freedesktop.org/security/sa-2024-0013.html

11 Dec 2024 19:01Current

CVSS 46.9

EPSS0.01051

CWE-191