%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20x='0px'%20y='0px'%20viewBox='0%200%20107.30001%20140.79999'%20xml:space='preserve'%20sodipodi:docname='mind_logo_positief.svg'%20width='107.30001'%20height='140.79999'%20xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'%20xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:svg='http://www.w3.org/2000/svg'%3e%3cdefs%20id='defs29'%20/%3e%3csodipodi:namedview%20id='namedview29'%20pagecolor='%23505050'%20bordercolor='%23eeeeee'%20borderopacity='1'%20inkscape:showpageshadow='0'%20inkscape:pageopacity='0'%20inkscape:pagecheckerboard='0'%20inkscape:deskcolor='%23d1d1d1'%3e%3cinkscape:page%20x='0'%20y='0'%20width='107.30001'%20height='140.79999'%20id='page2'%20margin='0'%20bleed='0'%20/%3e%3c/sodipodi:namedview%3e%3cstyle%20type='text/css'%20id='style1'%3e%20.st0{fill:%231F1FA3;}%20.st1{fill:url(%23SVGID_1_);}%20.st2{fill:url(%23SVGID_00000033333245342322421190000001486717665348835473_);}%20.st3{fill:url(%23SVGID_00000075852413222229328580000001131059578544388517_);}%20%3c/style%3e%3cg%20id='g9'%20transform='translate(-21.299999,-20.6)'%3e%3clinearGradient%20id='SVGID_1_'%20gradientUnits='userSpaceOnUse'%20x1='4.8695998'%20y1='142.78'%20x2='99.248901'%20y2='35.348301'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop4'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop5'%20/%3e%3c/linearGradient%3e%3crect%20x='21.299999'%20y='64'%20class='st1'%20width='19.9'%20height='97.400002'%20id='rect5'%20style='fill:url(%23SVGID_1_)'%20/%3e%3clinearGradient%20id='SVGID_00000007421653842672228110000012418760815982452352_'%20gradientUnits='userSpaceOnUse'%20x1='23.7796'%20y1='159.3925'%20x2='118.1588'%20y2='51.9608'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop6'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop7'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000007421653842672228110000012418760815982452352_)'%20d='M%2072.3,64%20H%2064%20v%2075.2%20H%2085.1%20V%2076.8%20C%2085.1,69.7%2079.4,64%2072.3,64%20Z'%20id='path7'%20/%3e%3clinearGradient%20id='SVGID_00000072986549029232277750000008760038133176911550_'%20gradientUnits='userSpaceOnUse'%20x1='20.501699'%20y1='156.51289'%20x2='114.881'%20y2='49.0812'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop8'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop9'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000072986549029232277750000008760038133176911550_)'%20d='M%2073.6,20.6%20H%2064%20v%2019.9%20h%209.6%20c%2019.3,0%2035.1,15.7%2035.1,35.1%20v%2044.3%20h%2019.9%20V%2075.6%20c%200,-30.3%20-24.7,-55%20-55,-55%20z'%20id='path9'%20/%3e%3c/g%3e%3c/svg%3e)
Name
CVE-2024-47537
Description
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.
CWEs
Published Date
Updated Date
Workaround
-
Analysis#
Vulnerability Ratings#
8.6
CVSSv4
9.8
CVSSv31
NaN
other
Others affected components#
Name
Project
Project Version
Version
Status
buildroot
2025.02.x
1.24.13
Not Affected
buildroot
master
1.24.13
Not Affected
openwrt
master
1.26.4-r2
Not Affected
openwrt
openwrt-25.12
1.26.4-r2
Not Affected
yocto
kirkstone
1.20.7
Not Affected
yocto
kirkstone
1.20.7
Patched
yocto
master
1.28.4
Not Affected
yocto
master
1.28.4
Not Affected
Resolved with patches#
gstreamer1.0-plugins-good (yocto:kirkstone)
#
Title
Author
Resolve
1
qtdemux: Add size check for parsing SMI / SEQH atom
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
CVE-2024-47545
CVE-2024-47546
CVE-2024-47596
CVE-2024-47597
CVE-2024-47598
2
qtdemux: Check for invalid atom length when extracting Closed
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
CVE-2024-47545
CVE-2024-47546
CVE-2024-47596
CVE-2024-47597
CVE-2024-47598
3
qtdemux: Fix integer overflow when allocating the samples
Antonio Morales <antonio-morales@github.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
4
qtdemux: Make sure only an even number of bytes is processed
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
CVE-2024-47545
CVE-2024-47546
CVE-2024-47596
CVE-2024-47597
CVE-2024-47598
5
qtdemux: Make sure there are enough offsets to read when
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
CVE-2024-47545
CVE-2024-47546
CVE-2024-47596
CVE-2024-47597
CVE-2024-47598
6
qtdemux: Check sizes of stsc/stco/stts before trying to merge
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
CVE-2024-47545
CVE-2024-47546
CVE-2024-47596
CVE-2024-47597
CVE-2024-47598
7
qtdemux: Skip zero-sized boxes instead of stopping to look at
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
8
qtdemux: Make sure enough data is available before reading
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
CVE-2024-47545
CVE-2024-47546
CVE-2024-47596
CVE-2024-47597
CVE-2024-47598
9
qtdemux: Fix error handling when parsing cenc sample groups
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
CVE-2024-47545
CVE-2024-47546
CVE-2024-47596
CVE-2024-47597
CVE-2024-47598
10
qtdemux: Don't iterate over all trun entries if none of the
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
CVE-2024-47545
CVE-2024-47546
CVE-2024-47596
CVE-2024-47597
CVE-2024-47598
11
qtdemux: Fix debug output during trun parsing
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
CVE-2024-47545
CVE-2024-47546
CVE-2024-47596
CVE-2024-47597
CVE-2024-47598
12
qtdemux: Fix length checks and offsets in stsd entry parsing
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
CVE-2024-47545
CVE-2024-47546
CVE-2024-47596
CVE-2024-47597
CVE-2024-47598
13
qtdemux: Actually handle errors returns from various
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
CVE-2024-47545
CVE-2024-47546
CVE-2024-47596
CVE-2024-47597
CVE-2024-47598
gstreamer1.0-plugins-good (yocto:scarthgap)
#
Title
Author
Resolve
1
qtdemux: Fix integer overflow when allocating the
Antonio Morales <antonio-morales@github.com>
CVE-2024-47537