Use-After-Free Vulnerability in GStreamer Media Handling Library
CVE-2024-47834
9.1 CRITICAL
What is CVE-2024-47834?
A use-after-free read vulnerability has been identified in the GStreamer Media Handling Library, affecting the processing of CodecPrivate elements in Matroska streams. During the gst_matroska_demux_parse_stream function, memory allocated for a data chunk is improperly freed in the gst_matroska_track_free function. The application then accesses this freed memory in the caps_serialize function via gst_value_serialize_buffer. The flaw is a significant security concern because it permits reads of already deallocated memory, potentially leading to unstable application behavior or exploitation. The vulnerability is addressed in version 1.24.10.
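The lifetime problem described above, as an added, simplified model (not GStreamer's code and not the project's actual fix): a buffer owned by a track is still referenced by a caps object that is serialized after the track is freed. All type and function names here (Buf, Track, Caps, buf_ref, demo and so on) are hypothetical, and reference counting is shown as one way to keep the later read valid.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified types; not GStreamer's own structures. */
typedef struct { int refs; size_t len; unsigned char *data; } Buf;
typedef struct { Buf *codec_priv; } Track; /* parsed track entry */
typedef struct { Buf *codec_data; } Caps;  /* stream description, serialized later */
static int live_bufs = 0;                  /* lets a caller check nothing leaked */
static Buf *buf_new(const unsigned char *src, size_t len) {
    Buf *b = malloc(sizeof *b);
    if (!b) return NULL;
    b->data = malloc(len ? len : 1);
    if (!b->data) { free(b); return NULL; }
    memcpy(b->data, src, len);
    b->len = len; b->refs = 1; live_bufs++;
    return b;
}
static Buf *buf_ref(Buf *b) { b->refs++; return b; }
static void buf_unref(Buf *b) {
    if (b && --b->refs == 0) { free(b->data); free(b); live_bufs--; }
}
/* Flawed pattern (shown only, never compiled in): the caps borrow the track's
   pointer, so track_free() leaves it dangling:  c->codec_data = t->codec_priv; */
/* Hardened pattern: the caps take their own reference. */
static void caps_set_codec_data(Caps *c, Track *t) { c->codec_data = buf_ref(t->codec_priv); }
static void track_free(Track *t) { buf_unref(t->codec_priv); t->codec_priv = NULL; }
static void caps_free(Caps *c) { buf_unref(c->codec_data); c->codec_data = NULL; }

/* Hex-serialize the buffer; in the flaw this is where freed memory is read. */
static int caps_serialize(const Caps *c, char *out, size_t outlen) {
    if (!c->codec_data || outlen < c->codec_data->len * 2 + 1) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < c->codec_data->len; i++)
        sprintf(out + 2 * i, "%02x", c->codec_data->data[i]);
    return (int)(c->codec_data->len * 2);
}
/* Parse, free the track, then serialize: the order the advisory describes. */
static int demo(char *out, size_t outlen) {
    const unsigned char priv[] = { 0x01, 0x64, 0x00, 0x1f }; /* constructed sample */
    Track t = { buf_new(priv, sizeof priv) };
    Caps c = { NULL };
    if (!t.codec_priv) return -1;
    caps_set_codec_data(&c, &t);
    track_free(&t);                          /* the track goes away first */
    int n = caps_serialize(&c, out, outlen); /* still valid: caps hold a reference */
    caps_free(&c);
    return n;
}
int main(void) { char s[16]; if (demo(s, sizeof s) > 0) puts(s); return 0; }
```

Building this kind of code with -fsanitize=address is a quick way to confirm that the borrowed-pointer variant reads freed memory while the reference-counted variant does not.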