CVE-2024-47540
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-47540 is a vulnerability in the matroska-demux component of the GStreamer library. The flaw is in the function gst_matroska_demux_add_wvpk_header in matroska-demux.c. If the size parameter is less than 4, the function calls gst_buffer_unmap with an uninitialized stack variable. gst_memory_unmap then uses that uninitialized variable, leading to a function pointer hijack. An attacker could exploit this vulnerability to hijack the execution flow, potentially gaining code execution. The vulnerability is resolved in version 1.24.10.
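The bug class the summary describes, as an added C model (not GStreamer's code and not the project's patch): a short-input exit reaches an unmap call whose argument was never initialized, and the unmap dispatches through a pointer read from it. All type and function names are hypothetical, and the early-exit shape is assumed from the summary; the hardened form shows one common remedy.

```c
/* Added model of the bug class; every name is hypothetical, not GStreamer code. */
#include <stddef.h>

typedef struct model_mem model_mem;
struct model_mem { void (*unmap)(model_mem *); };  /* callback, like an allocator vfunc */
typedef struct { model_mem *mem; const unsigned char *data; size_t size; } model_map;

static int unmap_calls;                    /* counts dispatches through the callback */
static void real_unmap(model_mem *m) { (void)m; unmap_calls++; }
static model_mem backing = { real_unmap };

static void model_map_buf(model_map *map, const unsigned char *d, size_t n) {
    map->mem = &backing; map->data = d; map->size = n;
}
/* Dispatches through a pointer read from *map: garbage in, arbitrary call out. */
static void model_unmap_buf(model_map *map) { map->mem->unmap(map->mem); }

/* BEFORE: the short-input path reaches cleanup before `map` was ever written. */
int add_header_vulnerable(const unsigned char *d, size_t size) {
    model_map map;                         /* uninitialized stack variable */
    int ret = -1;
    if (size < 4)
        goto done;                         /* map still holds stale stack bytes */
    model_map_buf(&map, d, size);
    ret = 0;
done:
    model_unmap_buf(&map);                 /* undefined behaviour when size < 4 */
    return ret;
}

/* AFTER: zero-initialize, and unmap only what was actually mapped. */
int add_header_hardened(const unsigned char *d, size_t size) {
    model_map map = {0};
    int ret = -1;
    if (size < 4)
        goto done;
    model_map_buf(&map, d, size);
    ret = 0;
done:
    if (map.mem != NULL)
        model_unmap_buf(&map);
    return ret;
}

int unmap_call_count(void) { return unmap_calls; }

int main(void) {
    unsigned char short_in[3] = {0};       /* constructed sample input */
    return (add_header_hardened(short_in, sizeof short_in) == -1 && unmap_calls == 0) ? 0 : 1;
}
```

Building the vulnerable variant with MemorySanitizer or Valgrind flags the read of the uninitialized struct on the short-input path.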
Affected Products
- Gstreamer Project Gstreamer
Affected Vendors
- Gstreamer Project