CVE-2024-47541

7.5 HIGH

📋 TL;DR

This CVE describes an out-of-bounds write vulnerability in GStreamer's SSA subtitle parser. Attackers can exploit this by crafting malicious media files with malformed SSA override codes, potentially leading to arbitrary code execution. Any application using GStreamer to process SSA subtitle files is affected.

💻 Affected Systems

Products:
  • GStreamer
  • Applications using GStreamer library
Versions: All versions before 1.24.10
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems processing SSA subtitle files. Many distributions ship vulnerable versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the GStreamer process, potentially leading to full system compromise.

🟠 Likely Case: Application crash (denial of service) or limited memory corruption leading to unstable behavior.

🟢 If Mitigated: With proper sandboxing and privilege separation, impact is limited to the sandboxed process.

🌐 Internet-Facing: MEDIUM - Requires processing malicious media files, but many internet-facing services handle user-uploaded media.
🏢 Internal Only: LOW - Requires user interaction or specific media processing workflows internally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific malformed SSA files. No public exploit code available yet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.24.10

Vendor Advisory: https://gstreamer.freedesktop.org/security/sa-2024-0023.html

Restart Required: Yes

Instructions:

1. Update GStreamer to version 1.24.10 or later.
2. For Linux distributions, use package manager: 'sudo apt update && sudo apt upgrade gstreamer1.0' (Debian/Ubuntu) or 'sudo yum update gstreamer' (RHEL/CentOS).
3. Restart affected applications.

🔧 Temporary Workarounds

Disable SSA subtitle processing

all

Configure applications to disable SSA subtitle parsing if not needed.

Application-specific configuration required

Input validation

all

Reject media files with malformed SSA override codes before processing.

Custom validation script required

🧯 If You Can't Patch

  • Isolate media processing to dedicated, sandboxed systems with minimal privileges.
  • Implement strict file upload validation and only accept trusted media sources.

🔍 How to Verify

Check if Vulnerable:

Check GStreamer version: 'gst-inspect-1.0 --version' or 'dpkg -l | grep gstreamer' on Debian systems.

Check Version:

gst-inspect-1.0 --version | head -1

Verify Fix Applied:

Confirm version is 1.24.10 or later using version check command.
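
The version check above, scripted as an added example (not part of the vendor advisory): it compares version components numerically, because a plain string comparison sorts 1.24.9 above 1.24.10. The function names and the sample banners are this example's own, and the banner format assumed is the first line printed by 'gst-inspect-1.0 --version'.

```sh
#!/bin/sh
# Added example: numeric check of a GStreamer version against the fixed
# release named on this page. FIXED_VERSION and the function names are
# this example's own.
FIXED_VERSION="1.24.10"

# Pull "X.Y.Z" out of the first line of `gst-inspect-1.0 --version`,
# e.g. "gst-inspect-1.0 version 1.24.9" -> "1.24.9".
parse_gst_version() {
    printf '%s\n' "$1" | sed -n '1s/.*version \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when version $1 >= version $2. Components are compared as
# integers, so 1.24.9 sorts below 1.24.10 (a string compare gets this wrong).
version_ge() {
    a=$1 b=$2
    for _i in 1 2 3; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        # Drop the component just compared; a missing one counts as 0.
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 0
}

# Print "fixed <ver>", "below-fixed <ver>" or "unknown" for a version banner.
# A distribution package may carry a backported fix under an older version
# number; this comparison cannot see that.
check_gst() {
    v=$(parse_gst_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if version_ge "$v" "$FIXED_VERSION"; then
        echo "fixed $v"
    else
        echo "below-fixed $v"
    fi
}

# Constructed sample banners, so the script runs without GStreamer installed.
check_gst "gst-inspect-1.0 version 1.24.9"
check_gst "gst-inspect-1.0 version 1.24.10"
# Live check when the tool is present.
if command -v gst-inspect-1.0 >/dev/null 2>&1; then
    check_gst "$(gst-inspect-1.0 --version)"
fi
```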

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory corruption errors in system logs

Network Indicators:

  • Unusual media file uploads with .ssa/.ass extensions

SIEM Query:

Process crashes from gstreamer-related binaries OR file uploads with .ssa/.ass extensions from untrusted sources
