Remote Code Execution Vulnerability in GStreamer EXIF Metadata Parsing by Freedesktop
CVE-2024-4453

7.8HIGH

Key Information:

Vendor

Gstreamer

Status
Gstreamer
Vendor
CVE Published:
22 May 2024

What is CVE-2024-4453?

This vulnerability pertains to the GStreamer library, specifically its handling of EXIF metadata parsing. A flaw arises from insufficient validation of user-supplied data, leading to an integer overflow prior to buffer allocation. As a result, an attacker could exploit this issue to execute arbitrary code within the context of the current process. Proper implementation and interaction with this library are necessary for exploitation, highlighting the need for users and developers to apply the latest security patches and enhancements to safeguard against such attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GStreamer fc0ef6ede6ceda8c89326b38899d4944a8091f40 and 1.24.0

References

https://www.zerodayinitiative.com/advisories/ZDI-24-467/
x_research-advisory
https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68...
vendor-advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg0...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.