VYPR
Unrated severityNVD Advisory· Published Dec 11, 2024· Updated Nov 3, 2025

GHSL-2024-245: GStreamer has an OOB-read in qtdemux_parse_samples

CVE-2024-47597

Description

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

59

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.