CVE-2024-47615 GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer

🗓️ 11 Dec 2024 19:13:47Reported by GitHub_MType

GStreamer has an out-of-bounds write in Ogg demuxer affecting memory size and structures.

Reporter	Title	Published	Views	Family All 186
IBM Security Bulletins	Security Bulletin: Vulnerabilities in GStreamer affects IBM watsonx Assistant for IBM Cloud Pak for Data	5 Feb 202514:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	15 Apr 202503:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in GStreamer affects IBM watsonx Assistant for IBM Cloud Pak for Data	15 Apr 202503:45	–	ibm
FreeBSD	gstreamer1-plugins-ogg -- Out-of-bounds write in Ogg demuxer	3 Dec 202400:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : gstreamer1-plugins-base, --advisory ALAS2-2025-2747 (ALAS-2025-2747)	4 Feb 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0281: gstreamer1-plugins-base (ALINUX3-SA-2024:0281)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : gstreamer1-plugins-base (ALSA-2024:11345)	18 Dec 202400:00	–	nessus
Tenable Nessus	Debian dla-3999 : gir1.2-gst-plugins-base-1.0 - security update	21 Dec 202400:00	–	nessus
Tenable Nessus	Debian dsa-5831 : gir1.2-gst-plugins-base-1.0 - security update	14 Dec 202400:00	–	nessus
Tenable Nessus	Fedora 41 : mingw-directxmath / mingw-gstreamer1 / etc (2024-0a5722a980)	22 Dec 202400:00	–	nessus

[
  {
    "vendor": "gstreamer",
    "product": "gstreamer",
    "versions": [
      {
        "version": "< 1.24.10",
        "status": "affected"
      }
    ]
  }
]

Source	Link
securitylab	www.securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/
gitlab	www.gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch
gstreamer	www.gstreamer.freedesktop.org/security/sa-2024-0026.html

11 Dec 2024 19:13Current

CVSS 48.6

EPSS0.00114

CWE-787

cve-2024-47615 gstreamer ogg demuxer out-of-bounds write memory vulnerability fix 1.24.10