5.1
CVE-2024-47775 - GHSL-2024-261: GStreamer has an OOB-read in parse_ds64
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multipl…
5.1
CVE-2024-47774 - GHSL-2024-262: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. T…
8.6
CVE-2024-47613 - GHSL-2024-118: GStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to po…
8.6
CVE-2024-47615 - GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the…
8.6
CVE-2024-47607 - GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c`. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the b…
8.6
CVE-2024-47606 - GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to…
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended v…
6.8
CVE-2024-47603 - GHSL-2024-251: GStreamer NULL-pointer dereference in Matroska/WebM demuxer
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid cap…
6.8
CVE-2024-47602 - GHSL-2024-250: GStreamer NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer …
6.8
CVE-2024-47601 - GHSL-2024-249: GStreamer has a NULL-pointer dereference in Matroska/WebM demuxer
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *…
5.1
CVE-2024-47600 - GHSL-2024-248: GStreamer has an OOB-read in format_channel_mask
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the funct…