Overview
GStreamer has released an update to address a vulnerability in its products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-40897
- GStreamer ORC versions: earlier than 0.4.39 (0.4.39 itself is not affected)
Resolved Vulnerabilities
Buffer overflow vulnerability in ORC ‘orcparse.c’ that could allow arbitrary code execution when handling malicious files (CVE-2024-40897)
Vulnerability Patches
Patches for the vulnerability are available in the latest update. Follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-40897
- GStreamer ORC version: 0.4.39
Referenced Sites
[1] CVE-2024-40897 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-40897
[2] ORC vulnerable to stack-based buffer overflow
https://jvn.jp/en/jp/JVN02030803/
[3] Orc 0.4.39 bug-fix release
https://gstreamer.freedesktop.org/news/
Article Link: GStreamer Product Security Update Advisory (CVE-2024-40897) – ASEC