
692 matches found

Cvelist
added 2024/12/11 7:15 p.m., 12 views

CVE-2024-47775 GHSL-2024-261: GStreamer has an OOB-read in parse_ds64

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multipl...

CVSS 5.1, EPSS 0.0024
Exploits: 0, References: 3
Vulnrichment
added 2024/12/11 7:15 p.m., 11 views

CVE-2024-47774 GHSL-2024-262: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then,...

CVSS 5.1, AI score 6.9, EPSS 0.00208
Exploits: 0, References: 3
Debian CVE
added 2024/12/11 7:15 p.m., 7 views

CVE-2024-47774

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then,...

CVSS 9.1, AI score 6.8, EPSS 0.00208
Exploits: 0
CVE
added 2024/12/11 7:15 p.m., 66 views

CVE-2024-47774

CVE-2024-47774 affects GStreamer, specifically the gstreamer1-plugins-good component. The root cause is an OOB-read in the function gst_avi_subtitle_parse_gab2_chunk (gstavisubtitle.c) where name_length is read from the input without proper validation, and an overflow condition when name_length &...

CVSS 9.1, AI score 7, EPSS 0.00208
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2024/12/11 7:15 p.m., 13 views

CVE-2024-47774 GHSL-2024-262: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then,...

CVSS 5.1, EPSS 0.00208
Exploits: 0, References: 3
OSV
added 2024/12/11 7:15 p.m., 6 views

CVE-2024-47774 GHSL-2024-262: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then,...

CVSS 5.1, AI score 6.4, EPSS 0.00208
Exploits: 0, References: 6
Vulnrichment
added 2024/12/11 7:3 p.m., 12 views

CVE-2024-47600 GHSL-2024-248: GStreamer has an OOB-read in format_channel_mask

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the...

CVSS 5.1, AI score 6.8, EPSS 0.00377
Exploits: 0, References: 3
CVE
added 2024/12/11 7:3 p.m., 80 views

CVE-2024-47600

GStreamer CVE-2024-47600: An OOB-read in the format_channel_mask path of gst-discoverer.c occurs when gst_discoverer_audio_info_get_channels returns a value greater than 64 for the fixed-size 64-element position array, enabling access beyond bounds and potentially reading unintended stack bytes. ...

CVSS 9.1, AI score 6.5, EPSS 0.00377
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2024/12/11 7:2 p.m., 12 views

CVE-2024-47598 GHSL-2024-246: GStreamer has an OOB-read in qtdemux_merge_sample_table

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_duration, allowing the...

CVSS 5.1, AI score 6.5, EPSS 0.00236
Exploits: 0, References: 3
Cvelist
added 2024/12/11 7:2 p.m., 14 views

CVE-2024-47598 GHSL-2024-246: GStreamer has an OOB-read in qtdemux_merge_sample_table

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_duration, allowing the...

CVSS 5.1, EPSS 0.00236
Exploits: 0, References: 3
CVE
added 2024/12/11 7:1 p.m., 115 views

CVE-2024-47597

CVE-2024-47597: GStreamer contains an out-of-bounds read in qtdemux_parse_samples() of qtdemux.c when reading data beyond the stream->stco buffer (via qt_atom_parser_get_offset_unchecked). This can cause an 8-byte read past the intended boundary when processing the provided sample. The issue ...

CVSS 9.1, AI score 6.5, EPSS 0.00269
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/12/11 7:1 p.m., 7 views

CVE-2024-47597 GHSL-2024-245: GStreamer has an OOB-read in qtdemux_parse_samples

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code...

CVSS 5.1, AI score 6.3, EPSS 0.00269
Exploits: 0, References: 6
Vulnrichment
added 2024/12/11 7:1 p.m., 19 views

CVE-2024-47596 GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining...

CVSS 5.1, AI score 6.6, EPSS 0.00212
Exploits: 0, References: 3
Cvelist
added 2024/12/11 7:1 p.m., 13 views

CVE-2024-47596 GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining...

CVSS 5.1, EPSS 0.00212
Exploits: 0, References: 3
Vulnrichment
added 2024/12/11 7:1 p.m., 17 views

CVE-2024-47546 GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction...

CVSS 6.9, AI score 6.7, EPSS 0.00287
Exploits: 0, References: 3
AlpineLinux
added 2024/12/11 7:1 p.m., 11 views

CVE-2024-47546

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction...

CVSS 7.5, AI score 6.6, EPSS 0.00287
Exploits: 0, References: 4
CVE
added 2024/12/11 7:1 p.m., 108 views

CVE-2024-47546

CVE-2024-47546 affects GStreamer, specifically the qtdemux.c path in the FourCC c708 parsing. The underlying issue is an integer underflow in extract_cc_from_data where atom_length - 8 can underflow if atom_length

CVSS 7.5, AI score 6.8, EPSS 0.00287
Exploits: 0, References: 4, Affected Software: 1
AlpineLinux
added 2024/12/11 6:58 p.m., 18 views

CVE-2024-47545

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happen...

CVSS 7.5, AI score 6.8, EPSS 0.00328
Exploits: 0, References: 4
CVE
added 2024/12/11 6:58 p.m., 126 views

CVE-2024-47545

CVE-2024-47545 affects GStreamer components (notably qtdemux in qtdemux.c) where an integer underflow during the strf parsing case allows size to underflow, leading to an OOB-read via a large memcpy in gst_buffer_fill. The issue is documented across multiple advisories and is fixed in GStreamer 1...

CVSS 7.5, AI score 6.7, EPSS 0.00328
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2024/12/11 6:58 p.m., 14 views

CVE-2024-47545 GHSL-2024-242: GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happen...

CVSS 6.9, EPSS 0.00328
Exploits: 0, References: 3