{"id":"AZL-54365","summary":"CVE-2024-47615 affecting package gstreamer1-plugins-base 1.20.0-3","details":"GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad-\u003evorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad-\u003evorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.","modified":"2026-04-01T05:18:15.157288Z","published":"2024-12-12T02:03:32Z","upstream":["CVE-2024-47615"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47615"}],"affected":[{"package":{"name":"gstreamer1-plugins-base","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/gstreamer1-plugins-base"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"1.20.0-3"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54365.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}