Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GHSL-2024-094: GStreamer has an OOB-write in isomp4/qtdemux.c
Vulnerability Description
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.
CVSS Information
N/A
Vulnerability Type
跨界内存写
Vulnerability Title
GStreamer 输入验证错误漏洞
Vulnerability Description
GStreamer是GStreamer开源的一套用于处理流媒体的框架。 GStreamer存在输入验证错误漏洞,该漏洞源于当samples_count足够大时,则可能导致加法过程中出现整数溢出。
CVSS Information
N/A
Vulnerability Type
N/A