CVE-2024-47540

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 12, 2024
Updated: Dec 18, 2024
CWE ID 908
CWE ID 457

Summary

CVE-2024-47540 is a vulnerability in the matroska-demux component of the GStreamer library. The flaw is in the function gst_matroska_demux_add_wvpk_header in matroska-demux.c. If the size parameter is less than 4, an uninitialized stack variable is used when gst_buffer_unmap is called. That uninitialized variable is then used in the gst_memory_unmap function, leading to a function pointer hijack. An attacker could exploit this vulnerability to hijack the execution flow, potentially gaining code execution. The vulnerability is resolved in version 1.24.10.
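The defect class described above (CWE-457/CWE-908: a cleanup call that dispatches through a map record left uninitialized on a short-input path) and its defensive pattern, as an added example that is not GStreamer's code or the upstream fix. All types and functions here (struct mem, struct map_info, buf_map, buf_unmap, parse_block_header) are hypothetical stand-ins.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for a mapped-buffer API; not GStreamer's types. */
struct mem;
struct map_info { struct mem *memory; const unsigned char *data; size_t size; };
struct mem { const unsigned char *bytes; size_t len; void (*unmap)(struct mem *); };

static int unmap_calls;                       /* counts cleanup calls for the test */
static void mem_unmap(struct mem *m) { (void)m; unmap_calls++; }

static int buf_map(struct mem *m, struct map_info *info) {
    if (m == NULL || m->bytes == NULL) return 0;
    info->memory = m; info->data = m->bytes; info->size = m->len;
    return 1;
}

/* Cleanup dispatches through a pointer reached from the map record, so a
 * record holding stack garbage would turn this into an indirect call through
 * an unpredictable address. The NULL check only helps if the record was
 * zero-initialised by the caller. */
static void buf_unmap(struct map_info *info) {
    if (info->memory == NULL) return;
    info->memory->unmap(info->memory);
    memset(info, 0, sizeof *info);
}

/* Returns the 32-bit little-endian value at the start of the block,
 * or -1 when the block is too short or cannot be mapped. */
long parse_block_header(struct mem *m, size_t size) {
    struct map_info map = {0};   /* fix 1: never leave the record indeterminate */
    long value = -1;

    if (size < 4)                /* fix 2: reject short input before any cleanup path */
        return -1;
    if (!buf_map(m, &map))
        return -1;
    if (map.size >= 4)
        value = (long)map.data[0] | (long)map.data[1] << 8 |
                (long)map.data[2] << 16 | (long)map.data[3] << 24;
    buf_unmap(&map);             /* reached only after a successful map */
    return value;
}
```

Either fix alone closes the short-input path in this sketch; applying both keeps the cleanup safe if a later change adds another early exit.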


Affected Products

  • Gstreamer Project Gstreamer

Affected Vendors

  • Gstreamer Project