{"id":"CVE-2024-47607","summary":"GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header","details":"GStreamer is a library for constructing graphs of media-handling components.  stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.","modified":"2026-04-10T04:14:15.868785Z","published":"2024-12-11T19:13:27.569Z","related":["ALSA-2024:11123","ALSA-2024:11345","RLSA-2024:11123","SUSE-SU-2025:0052-1","SUSE-SU-2025:0054-1","SUSE-SU-2025:0065-1","SUSE-SU-2025:0069-1","SUSE-SU-2025:02020-1","SUSE-SU-2025:20134-1","SUSE-SU-2025:20241-1","openSUSE-SU-2025:14625-1"],"database_specific":{"cwe_ids":["CWE-121"],"cna_assigner":"GitHub_M","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"fixed":"1.24.10"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47607.json"},"references":[{"type":"WEB","url":"https://gstreamer.freedesktop.org/security/sa-2024-0024.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47607.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47607"},{"type":"ADVISORY","url":"https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"},{"type":"FIX","url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gstreamer/gstreamer","events":[{"introduced":"0"},{"fixed":"5be4b6f03689ab438822f6cfcd13f1f300afe203"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.24.10"}]}}],"versions":["1.0.0","1.0.1","1.0.2","1.1.1","1.1.2","1.1.3","1.1.4","1.1.90","1.10.0","1.11.0","1.11.1","1.11.2","1.11.90","1.11.91","1.12.0","1.13.1","1.13.90","1.13.91","1.14.0","1.15.1","1.15.2","1.15.90","1.16.0","1.17.1","1.17.2","1.17.90","1.18.0","1.19.1","1.19.2","1.19.3","1.19.90","1.2.0","1.20.0","1.21.1","1.21.2","1.21.3","1.21.90","1.22.0","1.23.1","1.23.2","1.23.90","1.24.0","1.24.1","1.24.2","1.24.3","1.24.4","1.24.5","1.24.6","1.24.7","1.24.8","1.24.9","1.3.1","1.3.2","1.3.3","1.3.90","1.3.91","1.4.0","1.5.1","1.5.2","1.5.90","1.5.91","1.6.0","1.7.1","1.7.2","1.7.90","1.7.91","1.8.0","1.9.1","1.9.2","1.9.90","BEFORE_INDENT","BRANCH-AUTOPLUG2-ROOT","BRANCH-BUILD1-200112061-ROOT","BRANCH-BUILD1-200112101-ROOT","BRANCH-BUILD1-20011216-FREEZE","BRANCH-BUILD1-ROOT","BRANCH-CAPSNEGO1-ROOT","BRANCH-ERROR-ROOT","BRANCH-EVENTS1-200110161-ROOT","BRANCH-EVENTS1-ROOT","BRANCH-EVENTS2-ROOT","BRANCH-GOBJECT1-200106241-ROOT","BRANCH-GOBJECT1-ROOT","BRANCH-GSTREAMER-0_6-ROOT","BRANCH-GSTREAMER-0_8-ROOT","BRANCH-INCSCHED1-200104161-ROOT","BRANCH-INCSCHED1-200104251-ROOT","BRANCH-INCSCHED1-200105231-ROOT","BRANCH-INCSCHED1-200105251-ROOT","BRANCH-INCSCHED1-ROOT","BRANCH-PLUGINVER1-20010422-ROOT","BRANCH-PLUGINVER1-ROOT","BRANCH-RELEASE-0_3_3-ROOT","BRANCH-RELEASE-0_3_4-ROOT","BRANCH-RELEASE-0_4_0-ROOT","BRANCH-RELEASE-0_4_1-ROOT","BRANCH-RELEASE-0_4_2-ROOT","BRANCH-RELEASE-0_5_0-ROOT","BRANCH-RELEASE-0_5_1-ROOT","BRANCH-RELEASE-0_5_2-ROOT","BRANCH-RELEASE-0_7_2-ROOT","BRANCH-RELEASE-0_7_4-ROOT","BRANCH-RELEASE-0_7_5-ROOT","CAPS-MERGE-1","CAPS-MERGE-2","CAPS-MERGE-3","CAPS-ROOT","CHANGELOG_START","DEBIAN-0_3_1-1","EVENTS1-200110161-FREEZE","GIT_CONVERSION","GOBJECT1-200106241","GOBJECT1-200106241-FREEZE","HEAD-20010306-PRE_AUTOPLUG2","HEAD-20010312-PRE_CAPSNEGO1","INCSCHED1-200105251","INCSCHED1-200105251-FREEZE","MOVE-TO-FDO","OSLOSUMMIT1-200303051","PLUGINVER1-20010422","PLUGINVER1-20010422-FREEZE","RELEASE-0.10.23","RELEASE-0.10.24","RELEASE-0.10.25","RELEASE-0.10.26","RELEASE-0.10.27","RELEASE-0.10.28","RELEASE-0.10.29","RELEASE-0.10.30","RELEASE-0.10.31","RELEASE-0.11.0","RELEASE-0.11.1","RELEASE-0.11.2","RELEASE-0.11.90","RELEASE-0.11.91","RELEASE-0.11.92","RELEASE-0.11.93","RELEASE-0.11.94","RELEASE-0.11.99","RELEASE-0_10_0","RELEASE-0_10_1","RELEASE-0_10_10","RELEASE-0_10_11","RELEASE-0_10_12","RELEASE-0_10_13","RELEASE-0_10_14","RELEASE-0_10_15","RELEASE-0_10_16","RELEASE-0_10_17","RELEASE-0_10_18","RELEASE-0_10_2","RELEASE-0_10_20","RELEASE-0_10_21","RELEASE-0_10_22","RELEASE-0_10_3","RELEASE-0_10_4","RELEASE-0_10_5","RELEASE-0_10_6","RELEASE-0_10_7","RELEASE-0_10_8","RELEASE-0_10_9","RELEASE-0_1_0-SLIPSTREAM","RELEASE-0_1_1-DUCTTAPE","RELEASE-0_2_0-CRITICALMASS","RELEASE-0_2_1-SEDIMASTER","RELEASE-0_2_1-UNKN","RELEASE-0_3_0-EVENTFUL","RELEASE-0_3_1-BELGIANBEER","RELEASE-0_3_2-DOBDAY","RELEASE-0_7_1","RELEASE-0_7_2","RELEASE-0_7_3","RELEASE-0_7_6","RELEASE-0_8_0","RELEASE-0_8_1","RELEASE-0_8_2","RELEASE-0_8_3","RELEASE-0_8_4","RELEASE-0_8_6","RELEASE-0_8_7","RELEASE-0_8_8","RELEASE-0_8_9","RELEASE-0_9_2","RELEASE-0_9_3","RELEASE-0_9_4","RELEASE-0_9_5","RELEASE-0_9_6","RELEASE-0_9_7","TYPEFIND-ROOT","monorepo-start","start"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47607.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}