41 matches found
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the gstwavparseadtlchunk function. An attacker can cause an out-of-bounds read by crafting input where the lsize value is odd, leading the parser to advance more bytes than validated due to improper handling of siz...
UBUNTU-CVE-2026-1940
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...
CVE-2026-1940 Gstreamer: incomplete fix of cve-2026-1940
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...
CVE-2026-1940 Gstreamer: incomplete fix of cve-2026-1940
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...
CVE-2026-1940
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...
CVE-2026-1940
CVE-2026-1940 describes an out-of-bounds read in gst_wavparse_adtl_chunk() due to improper handling of lsize and GST_ROUND_UP_2(lsize) in the WAV parser. Connected advisories confirm affected package family: gstreamer1-plugins-good (AL2/ALAS2 and AL2023 lines). Patches and updated packages are pr...
CVE-2026-1940
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...
GStreamer 安全漏洞
GStreamer is a set of open-source frameworks for processing streaming media. There is a security vulnerability in GStreamer, which stems from incomplete repairs to CVE-2024-47778. The gstwavparseadtlchunk function involves out-of-bounds reading; when lsize is an odd number, the number of bytes...
PT-2026-26749
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst wavparse adtl chunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GST ROUND UP 2lsize used in the actual offset calculation. When lsize is an odd number, the parser advance...
RLSA-2025:7242 Moderate: gstreamer1-plugins-good security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fixes: gstreamer1-plugins-good: OOB-read in...
EUVD-2024-42835
Malicious code in bioql PyPI...
The vulnerability of the gst_wavparse_cue_chunk function in the Gstreamer multimedia framework, which allows a hacker to access confidential information
The vulnerability of the gstwavparsecuechunk function in the Gstreamer multimedia framework relates to reading data outside of the allowed range by the WAV parser. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information...
The vulnerability of the gst_wavparse_smpl_chunk function in the Gstreamer multimedia framework allows a attacker to cause a service failure.
The vulnerability of the gstwavparsesmplchunk function in the Gstreamer multimedia framework is related to reading beyond the allowed range of memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
SUSE CVE-2024-47777
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...
SUSE CVE-2024-47778
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gstwavparseadtlchunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. ...
DEBIAN-CVE-2024-47776
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gstwavparsecuechunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch...
DEBIAN-CVE-2024-47777
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...
AZL-62372 CVE-2024-47776 affecting package gstreamer1 1.20.0-2
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gstwavparsecuechunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch...
UBUNTU-CVE-2024-47776
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gstwavparsecuechunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch...
UBUNTU-CVE-2024-47778
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gstwavparseadtlchunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. ...