Use-After-Free Vulnerability in GStreamer Media Handling Library
CVE-2024-47834

5.1MEDIUM

Key Information:

Vendor

Gstreamer

Status
Gstreamer
Vendor
CVE Published:
12 December 2024

What is CVE-2024-47834?

A Use-After-Free read vulnerability has been identified in the GStreamer Media Handling Library affecting the processing of CodecPrivate elements in Matroska streams. Specifically, during the gst_matroska_demux_parse_stream function, memory allocated for a data chunk is improperly freed in the gst_matroska_track_free function. Subsequently, the application erroneously accesses this freed memory in the caps_serialize function via gst_value_serialize_buffer. This flaw presents a significant security concern, as it permits the read access of already deallocated memory, potentially leading to unstable application behavior or exploitation. This vulnerability has been addressed in version 1.24.10.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

gstreamer < 1.24.10

References

https://securitylab.github.com/advisories/GHSL-2024-280_G...
x_refsource_CONFIRM
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merg...
x_refsource_MISC
https://gstreamer.freedesktop.org/security/sa-2024-0030.html
x_refsource_MISC

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

JSON
.