#VU101216 Stack-based buffer overflow in gst-plugins-base and gstreamer - CVE-2024-47607
Vulnerability identifier: #VU101216
Vulnerability risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID:
CWE-ID:
CWE-121
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
gst-plugins-base
Other software /
Other software solutions
gstreamer
Client/Desktop applications /
Multimedia software
Vendor: GStreamer
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Opus decoder. A remote attacker can pass specially crafted input to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
gst-plugins-base: 1.0.0 - 1.24.9
gstreamer: 1.0.0 - 1.24.9
External links
https://gstreamer.freedesktop.org/security/sa-2024-0024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
