GStreamer Product Security Update Advisory (CVE-2024-40897)

Overview

GStreamer has released an update to address a vulnerability in its products. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-40897

  • GStreamer ORC versions: all versions before 0.4.39 (0.4.39 excluded)

Resolved Vulnerabilities

A buffer overflow vulnerability in ORC's 'orcparse.c' could allow arbitrary code execution when handling malicious files (CVE-2024-40897).

Vulnerability Patches

Patches for the vulnerability are available in the latest update. Follow the instructions on the Referenced Sites to update to the latest patched version.

CVE-2024-40897

  • GStreamer ORC version: 0.4.39
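
A quick way to check a host or a package inventory against the version boundary above. This is an added example, not part of the original advisory or of the ORC project; the function names and sample versions are constructed for illustration, and it compares upstream version numbers only:

```shell
#!/bin/sh
# Added example: classify ORC versions against the fixed release for CVE-2024-40897.
FIXED_VERSION="0.4.39"   # patched version named in the advisory

# Reduce a package version to its upstream part: drop a leading epoch
# ("1:") and any distro revision or suffix ("-1ubuntu1", "+b1").
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%[-+]*}"
}

# Return 0 if version $1 is strictly lower than version $2.
# Compares dot-separated numeric fields; missing fields count as 0.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Print "affected" or "fixed" for one version string.
orc_status() {
    if version_lt "$(upstream_version "$1")" "$FIXED_VERSION"; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed sample inventory (not real hosts or packages).
for ver in 0.4.38 1:0.4.38-1ubuntu1 0.4.39 0.4.40-2; do
    echo "orc $ver: $(orc_status "$ver")"
done

# If pkg-config can see ORC (module name "orc-0.4"), report the local build too.
if command -v pkg-config >/dev/null 2>&1 &&
   local_ver=$(pkg-config --modversion orc-0.4 2>/dev/null); then
    echo "local orc $local_ver: $(orc_status "$local_ver")"
fi
```

Distribution packages can carry a backported fix under an older upstream version number, so confirm an "affected" result for a distro package against that distribution's own advisory.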

 

 

Referenced Sites

[1] CVE-2024-40897 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-40897

[2] ORC vulnerable to stack-based buffer overflow

https://jvn.jp/en/jp/JVN02030803/

[3] Orc 0.4.39 bug-fix release

https://gstreamer.freedesktop.org/news/

Article Link: GStreamer Product Security Update Advisory (CVE-2024-40897) – ASEC