VYPR
Unrated severityNVD Advisory· Published Dec 11, 2024· Updated Nov 3, 2025

GHSL-2024-115: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet

CVE-2024-47538

Description

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

32

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.