Metrics
Affected Vendors & Products
Fri, 13 Dec 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gstreamer Project
Gstreamer Project gstreamer |
|
CPEs | cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gstreamer Project
Gstreamer Project gstreamer |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Thu, 12 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 12 Dec 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Wed, 11 Dec 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10. | |
Title | GHSL-2024-228: GStreamer has an out-of-bounds write in SSA subtitle parser | |
Weaknesses | CWE-787 | |
References |
| |
Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-11T18:54:33.099Z
Updated: 2024-12-12T14:33:13.881Z
Reserved: 2024-09-25T21:46:10.930Z
Link: CVE-2024-47541
Updated: 2024-12-12T14:33:10.531Z
Status : Analyzed
Published: 2024-12-12T02:03:28.477
Modified: 2024-12-13T19:21:49.873
Link: CVE-2024-47541