Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GHSL-2024-115: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet
Vulnerability Description
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.
CVSS Information
N/A
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
GStreamer 缓冲区错误漏洞
Vulnerability Description
GStreamer是GStreamer开源的一套用于处理流媒体的框架。 GStreamer存在缓冲区错误漏洞,该漏洞源于在gstvorbisdec.c中的vorbis_handle_identification_packet函数中检测到堆栈缓冲区溢出。
CVSS Information
N/A
Vulnerability Type
N/A