SA-2025-006 - GStreamer Integer Underflow (CVE-202... - Extreme Networks

Summary

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution.

Products Potentially Affected

OS/Product	Exposure
ExtremeAnalytics for Site Engine	Yes
ExtremeCloud IQ - Site Engine (XIQ-SE)	Yes
ExtremeControl for Site Engine	Yes

Repair Recommendations

ExtremeAnalytics for Site Engine:

Fixed in 24.10.13 or later.

ExtremeCloud IQ - Site Engine (XIQ-SE):

Fixed in 24.10.13 or later.

ExtremeControl for Site Engine:

Fixed in 24.10.13 or later.

Please see the full security advisory article here for more details and updates.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Extreme Networks

SA-2025-006 - GStreamer Integer Underflow (CVE-2024-47606)

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)