Unrated severityNVD Advisory· Published Dec 11, 2024· Updated Nov 3, 2025

GHSL-2024-262: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk

CVE-2024-47774

Description

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10.

Affected products

Gstreamer/Gstreamerv5
Range: < 1.24.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/github/securitylab-vulnerabilities/issues/1826mitrex_refsource_MISC
securitylab.github.com/advisories/GHSL-2024-262_Gstreamer/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000