Null Pointer Dereference in GStreamer Media Library
CVE-2024-47603

6.8MEDIUM

Key Information:

Vendor

Gstreamer

Status
Gstreamer
Vendor
CVE Published:
12 December 2024

What is CVE-2024-47603?

The GStreamer media handling library contains a null pointer dereference vulnerability located in the gst_matroska_demux_update_tracks function of the matroska-demux.c file. This vulnerability arises when the gst_caps_is_equal function is invoked with invalid capabilities values, leading to a subsequent call to gst_buffer_get_size that may return a null pointer. When the size field of this null pointer is dereferenced, it results in a null pointer dereference, potentially causing application crashes or other unintended behaviors. This issue has been addressed in version 1.24.10 of GStreamer, and users are advised to update their installations to mitigate the risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

gstreamer < 1.24.10

References

https://securitylab.github.com/advisories/GHSL-2024-251_G...
x_refsource_CONFIRM
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merg...
x_refsource_MISC
https://gstreamer.freedesktop.org/security/sa-2024-0021.html
x_refsource_MISC

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

JSON
.