{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47615", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-27T20:37:22.120Z", "datePublished": "2024-12-11T19:13:47.894Z", "dateUpdated": "2024-12-12T14:18:50.580Z"}, "containers": {"cna": {"title": "GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", "tags": ["x_refsource_CONFIRM"], "url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"}, {"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch", "tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch"}, {"name": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html", "tags": ["x_refsource_MISC"], "url": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html"}], "affected": [{"vendor": "gstreamer", "product": "gstreamer", "versions": [{"version": "< 1.24.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-11T19:13:47.894Z"}, "descriptions": [{"lang": "en", "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10."}], "source": {"advisory": "GHSA-c8rj-v4q3-38cx", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-12T14:18:36.155409Z", "id": "CVE-2024-47615", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-12T14:18:50.580Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47615", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-12T14:18:36.155409Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-12T14:18:47.049Z"}}], "cna": {"title": "GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer", "source": {"advisory": "GHSA-c8rj-v4q3-38cx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "gstreamer", "product": "gstreamer", "versions": [{"status": "affected", "version": "< 1.24.10"}]}], "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", "name": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch", "name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch", "tags": ["x_refsource_MISC"]}, {"url": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html", "name": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-11T19:13:47.894Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47615", "state": "PUBLISHED", "dateUpdated": "2024-12-12T14:18:50.580Z", "dateReserved": "2024-09-27T20:37:22.120Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-12-11T19:13:47.894Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0", "versionEndExcluding": "1.24.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10."}, {"lang": "es", "value": "GStreamer es una librer\u00eda para construir gr\u00e1ficos de componentes de manejo de medios. Se ha detectado una escritura OOB en la funci\u00f3n gst_parse_vorbis_setup_packet dentro de vorbis_parse.c. El tama\u00f1o entero se lee del archivo de entrada sin la validaci\u00f3n adecuada. Como resultado, el tama\u00f1o puede superar el tama\u00f1o fijo de la matriz pad-&gt;vorbis_mode_sizes (cuyo tama\u00f1o es 256). Cuando esto sucede, el bucle for sobrescribe toda la estructura pad con 0 y 1, lo que tambi\u00e9n afecta la memoria adyacente. Esta escritura OOB puede sobrescribir hasta 380 bytes de memoria m\u00e1s all\u00e1 de los l\u00edmites de la matriz pad-&gt;vorbis_mode_sizes. Esta vulnerabilidad se corrigi\u00f3 en 1.24.10."}], "id": "CVE-2024-47615", "lastModified": "2024-12-18T19:57:16.537", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-12-12T02:03:32.940", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:11344", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "gstreamer1-plugins-base-0:1.10.4-3.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11344", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "gstreamer1-plugins-good-0:1.10.4-3.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11345", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gstreamer1-plugins-base-0:1.16.1-5.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11130", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "gstreamer1-plugins-base-0:1.16.1-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11143", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "gstreamer1-plugins-base-0:1.16.1-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11143", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "gstreamer1-plugins-base-0:1.16.1-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11143", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "gstreamer1-plugins-base-0:1.16.1-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11141", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "gstreamer1-plugins-base-0:1.16.1-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11141", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "gstreamer1-plugins-base-0:1.16.1-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11141", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "gstreamer1-plugins-base-0:1.16.1-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11142", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "gstreamer1-plugins-base-0:1.16.1-3.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11123", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "gstreamer1-plugins-base-0:1.22.1-3.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11120", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "gstreamer1-plugins-base-0:1.18.4-7.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11117", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "gstreamer1-plugins-base-0:1.18.4-7.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11118", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "gstreamer1-plugins-base-0:1.22.1-3.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-12-16T00:00:00Z"}], "bugzilla": {"description": "gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer", "id": "2331740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331740"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.", "A flaw was found in the GStreamer library. An out-of-bounds write in the Ogg demuxer can cause crashes for certain input files. This vulnerability allows a malicious third party to trigger out-of-bounds writes that can result in the application's crash or possibly allow code execution through heap manipulation."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-47615", "public_date": "2024-12-11T19:13:47Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47615\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47615\nhttps://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch\nhttps://gstreamer.freedesktop.org/security/sa-2024-0026.html\nhttps://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"], "statement": "This vulnerability should be classified as important severity rather than moderate due to its potential impact on memory integrity and application stability. The out-of-bounds write (OOB-Write) in the `gst_parse_vorbis_setup_packet` function overwrites up to 380 bytes of memory beyond the boundaries of the `vorbis_mode_sizes` array, directly corrupting adjacent memory structures. Such corruption could lead to uncontrolled behavior, including crashes, denial of service, or even arbitrary code execution if an attacker crafts malicious input to exploit the overwritten memory. The absence of proper bounds validation makes the vulnerability exploitable with untrusted input, elevating the risk in scenarios where GStreamer is used to process external or user-supplied media files.", "threat_severity": "Important"}