CVE-2024-47599

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 12, 2024
Updated: Dec 18, 2024
CWE ID 476

Summary

CVE-2024-47599 is a newly discovered vulnerability in the GStreamer library's gstjpegdec.c file. Specifically, the gst_jpeg_dec_negotiate function contains a null pointer dereference issue. This occurs when gst_video_decoder_set_output_state fails to return a valid value, but the function still attempts to dereference the outstate pointer. Consequently, this vulnerability can lead to a Denial of Service (DoS) event via a segmentation fault (SEGV). This issue has been rectified in the 1.24.10 release.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Gstreamer Project Gstreamer

Affected Vendors

  • Gstreamer Project