{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47537", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-25T21:46:10.929Z", "datePublished": "2024-12-11T18:51:56.158Z", "dateUpdated": "2024-12-11T19:15:49.449Z"}, "containers": {"cna": {"title": "GHSL-2024-094: GStreamer has an OOB-write in isomp4/qtdemux.c", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/", "tags": ["x_refsource_CONFIRM"], "url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/"}, {"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", "tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"}, {"name": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html", "tags": ["x_refsource_MISC"], "url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html"}], "affected": [{"vendor": "gstreamer", "product": "gstreamer", "versions": [{"version": "< 1.24.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-11T18:51:56.158Z"}, "descriptions": [{"lang": "en", "value": "GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10."}], "source": {"advisory": "GHSA-2939-37w3-9rg9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-11T19:15:39.558211Z", "id": "CVE-2024-47537", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-11T19:15:49.449Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47537", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-11T19:15:39.558211Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-11T19:15:44.884Z"}}], "cna": {"title": "GHSL-2024-094: GStreamer has an OOB-write in isomp4/qtdemux.c", "source": {"advisory": "GHSA-2939-37w3-9rg9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "gstreamer", "product": "gstreamer", "versions": [{"status": "affected", "version": "< 1.24.10"}]}], "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/", "name": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", "name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", "tags": ["x_refsource_MISC"]}, {"url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html", "name": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-11T18:51:56.158Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47537", "state": "PUBLISHED", "dateUpdated": "2024-12-11T19:15:49.449Z", "dateReserved": "2024-09-25T21:46:10.929Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-12-11T18:51:56.158Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0", "versionEndExcluding": "1.24.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10."}, {"lang": "es", "value": "GStreamer es una librer\u00eda para construir gr\u00e1ficos de componentes de manejo de medios. El programa intenta reasignar la memoria a la que apunta stream-&gt;samples para acomodar elementos stream-&gt;n_samples + samples_count del tipo QtDemuxSample. El problema es que samples_count se lee desde el archivo de entrada. Y si este valor es lo suficientemente grande, esto puede provocar un desbordamiento de enteros durante la adici\u00f3n. Como consecuencia, g_try_renew podr\u00eda asignar memoria para una cantidad significativamente menor de elementos de lo previsto. Despu\u00e9s de esto, el programa itera a trav\u00e9s de los elementos samples_count e intenta escribir la cantidad de elementos samples_count, lo que podr\u00eda exceder el tama\u00f1o real de la memoria asignada y provocar una escritura OOB. Esta vulnerabilidad se corrigi\u00f3 en 1.24.10."}], "id": "CVE-2024-47537", "lastModified": "2024-12-19T15:20:52.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-12-12T02:03:27.877", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:11344", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "gstreamer1-plugins-base-0:1.10.4-3.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11344", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "gstreamer1-plugins-good-0:1.10.4-3.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11299", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gstreamer1-plugins-good-0:1.16.1-5.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11148", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "gstreamer1-plugins-good-0:1.16.1-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11346", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "gstreamer1-plugins-good-0:1.16.1-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11346", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "gstreamer1-plugins-good-0:1.16.1-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11346", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "gstreamer1-plugins-good-0:1.16.1-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11149", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "gstreamer1-plugins-good-0:1.16.1-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11149", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "gstreamer1-plugins-good-0:1.16.1-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11149", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "gstreamer1-plugins-good-0:1.16.1-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11348", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "gstreamer1-plugins-good-0:1.16.1-4.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11122", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "gstreamer1-plugins-good-0:1.22.1-3.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11298", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "gstreamer1-plugins-good-0:1.18.4-6.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11119", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "gstreamer1-plugins-good-0:1.18.4-7.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11121", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "gstreamer1-plugins-good-0:1.22.1-3.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-12-16T00:00:00Z"}], "bugzilla": {"description": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c", "id": "2331722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "(CWE-190|CWE-787)", "details": ["GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.", "A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer's sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-47537", "public_date": "2024-12-11T18:51:56Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47537\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47537\nhttps://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch\nhttps://gstreamer.freedesktop.org/security/sa-2024-0005.html\nhttps://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/"], "statement": "This vulnerability marked as important severity rather than moderate due to the potential for exploitation leading to arbitrary code execution. The integer overflow during memory allocation results in a mismatch between the allocated memory size and the expected number of elements, causing an out-of-bounds write (OOB-write). Such memory corruption can lead to application crashes, data corruption, or, more critically, allow an attacker to write controlled data outside the allocated buffer. This opens the door to heap-based buffer overflows, which are commonly exploited to overwrite control structures or function pointers, enabling attackers to execute malicious code.", "threat_severity": "Important"}