Unrated severityNVD Advisory· Published Dec 11, 2024· Updated Nov 3, 2025

GHSL-2024-115: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet

CVE-2024-47538

Description

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.

Affected products

Gstreamer/Gstreamerv5
Range: < 1.24.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gstreamer.freedesktop.org/security/sa-2024-0022.htmlmitrex_refsource_MISC
securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000