CVE-2024-47777

Publication date 12 December 2024

Last updated 12 December 2024

Ubuntu priority

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gst-plugins-good0.10	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	16.04 LTS xenial	Needs evaluation
gst-plugins-good1.0	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation

Notes

mdeslaur

same commits as listed in CVE-2024-47775

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
gst-plugins-good1.0	Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch Upstream: c627f3a Upstream: f5fa594 Upstream: 8911020 Upstream: 8f04506 Upstream: 3d2a584 Upstream: 34cfd6b Upstream: ba8476d

CVE-2024-47777

Status

Notes

mdeslaur

Patch details

References

Other references