CVE-2024-47601

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 12, 2024
Updated: Dec 18, 2024
CWE ID 476

Summary

CVE-2024-47601 is a null pointer dereference vulnerability affecting the GStreamer library, specifically the function gst_matroska_demux_parse_blockgroup_or_simpleblock within matroska-demux.c. This issue arises due to insufficient validation of a sub pointer, leading to potential null pointer dereferences. If exploited, this vulnerability could have serious implications, potentially causing application crashes or even enabling remote code execution. The affected version is 1.24.10 and later patches are available to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Gstreamer Project Gstreamer

Affected Vendors

  • Gstreamer Project