CVE-2024-47777

Publication date 12 December 2024

Last updated 18 December 2024

Ubuntu priority

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gst-plugins-good0.10	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	16.04 LTS xenial	Needs evaluation
gst-plugins-good1.0	24.10 oracular	Fixed 1.24.8-1ubuntu1.1
	24.04 LTS noble	Fixed 1.24.2-1ubuntu1.1
	22.04 LTS jammy	Fixed 1.20.3-0ubuntu1.3
	20.04 LTS focal	Fixed 1.16.3-0ubuntu1.3
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation

Notes

mdeslaur

same commits as listed in CVE-2024-47775

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
gst-plugins-good1.0	Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch Upstream: c627f3a Upstream: f5fa594 Upstream: 8911020 Upstream: 8f04506 Upstream: 3d2a584 Upstream: 34cfd6b Upstream: ba8476d

References

Related Ubuntu Security Notices (USN)