CVE-2024-47599
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Dec 12, 2024
Updated: Dec 18, 2024
CWE ID 476
Summary
CVE-2024-47599 is a newly discovered vulnerability in the GStreamer library's gstjpegdec.c file. Specifically, the gst_jpeg_dec_negotiate function contains a null pointer dereference issue. This occurs when gst_video_decoder_set_output_state fails to return a valid value, but the function still attempts to dereference the outstate pointer. Consequently, this vulnerability can lead to a Denial of Service (DoS) event via a segmentation fault (SEGV). This issue has been rectified in the 1.24.10 release.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Gstreamer Project Gstreamer
Affected Vendors
- Gstreamer Project