Lucene search
K

41 matches found

Snyk
Snyk
added 2026/03/23 10:34 p.m.5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the gstwavparseadtlchunk function. An attacker can cause an out-of-bounds read by crafting input where the lsize value is odd, leading the parser to advance more bytes than validated due to improper handling of siz...

7.5CVSS5.9AI score0.00225EPSS
Exploits0References2
OSV
OSV
added 2026/03/23 10:16 p.m.6 views

UBUNTU-CVE-2026-1940

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...

7.5CVSS5.8AI score0.00225EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/23 9:26 p.m.33 views

CVE-2026-1940 Gstreamer: incomplete fix of cve-2026-1940

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...

5.1CVSS0.00225EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/23 9:26 p.m.3 views

CVE-2026-1940 Gstreamer: incomplete fix of cve-2026-1940

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...

5.1CVSS6.7AI score0.00225EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/03/23 9:26 p.m.3 views

CVE-2026-1940

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...

7.5CVSS8.1AI score0.00225EPSS
Exploits0
CVE
CVE
added 2026/03/23 9:26 p.m.31 views

CVE-2026-1940

CVE-2026-1940 describes an out-of-bounds read in gst_wavparse_adtl_chunk() due to improper handling of lsize and GST_ROUND_UP_2(lsize) in the WAV parser. Connected advisories confirm affected package family: gstreamer1-plugins-good (AL2/ALAS2 and AL2023 lines). Patches and updated packages are pr...

7.5CVSS6.7AI score0.00225EPSS
Exploits0References5Affected Software4
AlpineLinux
AlpineLinux
added 2026/03/23 9:26 p.m.5 views

CVE-2026-1940

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...

7.5CVSS6.8AI score0.00839EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.7 views

GStreamer 安全漏洞

GStreamer is a set of open-source frameworks for processing streaming media. There is a security vulnerability in GStreamer, which stems from incomplete repairs to CVE-2024-47778. The gstwavparseadtlchunk function involves out-of-bounds reading; when lsize is an odd number, the number of bytes...

7.5CVSS7.3AI score0.00225EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-26749

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst wavparse adtl chunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GST ROUND UP 2lsize used in the actual offset calculation. When lsize is an odd number, the parser advance...

7.5CVSS6.7AI score0.00839EPSS
Exploits0References10
OSV
OSV
added 2025/10/04 12:11 a.m.19 views

RLSA-2025:7242 Moderate: gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fixes: gstreamer1-plugins-good: OOB-read in...

6.2CVSS6.7AI score0.01161EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-42835

Malicious code in bioql PyPI...

9.1CVSS6.6AI score0.01161EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/02/03 12:0 a.m.4 views

The vulnerability of the gst_wavparse_cue_chunk function in the Gstreamer multimedia framework, which allows a hacker to access confidential information

The vulnerability of the gstwavparsecuechunk function in the Gstreamer multimedia framework relates to reading data outside of the allowed range by the WAV parser. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information...

9.4CVSS6.7AI score0.01161EPSS
Exploits0References13Affected Software13
BDU FSTEC
BDU FSTEC
added 2024/12/19 12:0 a.m.5 views

The vulnerability of the gst_wavparse_smpl_chunk function in the Gstreamer multimedia framework allows a attacker to cause a service failure.

The vulnerability of the gstwavparsesmplchunk function in the Gstreamer multimedia framework is related to reading beyond the allowed range of memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

9.4CVSS6.7AI score0.01161EPSS
Exploits0References13Affected Software8
SUSE CVE
SUSE CVE
added 2024/12/13 12:28 a.m.3 views

SUSE CVE-2024-47777

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...

5.5CVSS7AI score0.01161EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2024/12/13 12:28 a.m.1 views

SUSE CVE-2024-47778

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gstwavparseadtlchunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. ...

5.5CVSS6.8AI score0.00839EPSS
Exploits0References10
OSV
OSV
added 2024/12/12 2:3 a.m.2 views

DEBIAN-CVE-2024-47776

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gstwavparsecuechunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch...

9.1CVSS6.6AI score0.01161EPSS
Exploits0References1
OSV
OSV
added 2024/12/12 2:3 a.m.1 views

DEBIAN-CVE-2024-47777

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...

9.1CVSS6.7AI score0.01161EPSS
Exploits0References1
OSV
OSV
added 2024/12/12 2:3 a.m.6 views

AZL-62372 CVE-2024-47776 affecting package gstreamer1 1.20.0-2

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gstwavparsecuechunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch...

9.1CVSS5.8AI score0.01161EPSS
Exploits0References1
OSV
OSV
added 2024/12/12 12:0 a.m.1 views

UBUNTU-CVE-2024-47776

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gstwavparsecuechunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch...

9.1CVSS5.9AI score0.01161EPSS
Exploits0References5
OSV
OSV
added 2024/12/12 12:0 a.m.2 views

UBUNTU-CVE-2024-47778

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gstwavparseadtlchunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. ...

7.5CVSS6.9AI score0.00839EPSS
Exploits0References5
Rows per page
Query Builder