5.1

CVSS4.0

CVE-2024-47596 - GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the rema…

📅 Published: Dec. 11, 2024, 7:01 p.m. 🔄 Last Modified: March 17, 2026, 3:52 p.m.

6.9

CVSS4.0

CVE-2024-47546 - GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtrac…

📅 Published: Dec. 11, 2024, 7:01 p.m. 🔄 Last Modified: March 17, 2026, 3:52 p.m.

5.3

CVSS4.0

CVE-2024-12480 - cjbi wetech-cms TopicDao.java searchTopic sql injection

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. The manipulation of the argument con leads to sql injection. It is possible t…

📅 Published: Dec. 11, 2024, 7 p.m. 🔄 Last Modified: Dec. 13, 2024, 5:43 p.m.

6.9

CVSS4.0

CVE-2024-47545 - GHSL-2024-242: GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happen…

📅 Published: Dec. 11, 2024, 6:58 p.m. 🔄 Last Modified: March 17, 2026, 3:52 p.m.

6.8

CVSS4.0

CVE-2024-47544 - GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling

GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.

📅 Published: Dec. 11, 2024, 6:57 p.m. 🔄 Last Modified: March 17, 2026, 3:52 p.m.

9.1

CVSS3.1

CVE-2024-45337 - Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto

Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is…

📅 Published: Dec. 11, 2024, 6:55 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.1

CVSS4.0

CVE-2024-47543 - GHSL-2024-236: GStreamer has an OOB-read in qtdemux_parse_container

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes…

📅 Published: Dec. 11, 2024, 6:55 p.m. 🔄 Last Modified: March 17, 2026, 3:52 p.m.

6.8

CVSS4.0

CVE-2024-47542 - GHSL-2024-235: GStreamer ID3v2 parser out-of-bounds read and NULL-pointer dereference

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without va…

📅 Published: Dec. 11, 2024, 6:55 p.m. 🔄 Last Modified: March 17, 2026, 3:52 p.m.

6.9

CVSS4.0

CVE-2024-47541 - GHSL-2024-228: GStreamer has an out-of-bounds write in SSA subtitle parser

GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override code…

📅 Published: Dec. 11, 2024, 6:54 p.m. 🔄 Last Modified: March 17, 2026, 3:52 p.m.

8.6

CVSS4.0

CVE-2024-47540 - GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer

GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map vari…

📅 Published: Dec. 11, 2024, 6:54 p.m. 🔄 Last Modified: March 17, 2026, 3:52 p.m.