CVE-2024-47775 GHSL-2024-261: GStreamer has an OOB-read in parse_ds64

🗓️ 11 Dec 2024 19:15:44Reported by GitHub_MType

vulnrichment

vulnrichment🔗 github.com👁 16 Views

GStreamer OOB-read vulnerability in parse_ds64, fixed in version 1.24.10, may cause data leaks.

Reporter	Title	Published	Views	Family All 136
FreeBSD	gstreamer1-plugins-good -- multiple vulnerabilities	3 Dec 202400:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : gstreamer1-plugins-good (ALAS-2025-2964)	19 Aug 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : gstreamer1-plugins-good (ALSA-2025:7242)	3 Jul 202500:00	–	nessus
Tenable Nessus	Debian dla-4071 : gstreamer1.0-gtk3 - security update	28 Feb 202500:00	–	nessus
Tenable Nessus	Debian dsa-5838 : gstreamer1.0-gtk3 - security update	29 Dec 202400:00	–	nessus
Tenable Nessus	Fedora 41 : mingw-directxmath / mingw-gstreamer1 / etc (2024-0a5722a980)	22 Dec 202400:00	–	nessus
Tenable Nessus	Fedora 40 : mingw-directxmath / mingw-gstreamer1 / etc (2024-2284729772)	22 Dec 202400:00	–	nessus
Tenable Nessus	FreeBSD : gstreamer1-plugins-good -- multiple vulnerabilities (750ab972-b3e8-11ef-b680-4ccc6adda413)	7 Dec 202400:00	–	nessus
Tenable Nessus	GLSA-202506-02 : GStreamer, GStreamer Plugins: Multiple Vulnerabilities	25 Jun 202500:00	–	nessus
Tenable Nessus	MiracleLinux 9 : gstreamer1-plugins-good-1.22.12-4.el9 (AXSA:2025-10303:01)	13 Jan 202600:00	–	nessus

Source	Link
securitylab	www.securitylab.github.com/advisories/GHSL-2024-261_Gstreamer/
gitlab	www.gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch
gstreamer	www.gstreamer.freedesktop.org/security/sa-2024-0027.html

11 Dec 2024 19:15Current

6.7Medium risk

Vulners AI Score6.7

CVSS 45.1

EPSS0.0024

SSVC

gstreamer oob-read vulnerability parse_ds64 function denial of service version 1.24.10