CVE-2024-47613
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-47613 is a newly identified vulnerability affecting the GStreamer media library. The issue lies in the `gst_gdk_pixbuf_dec_flush` function within `gstgdkpixbufdec.c`. This function calls `memcpy` with `out_pix` as the destination address, which is assumed to point to frame 0 of the frame structure. Under specific conditions, however, `out_pix` can instead point to a NULL frame. The `memcpy` call then attempts to write data to a null address, resulting in a null pointer dereference and a subsequent segmentation fault (SEGV). This DoS vulnerability has been addressed in the 1.24.10 release of GStreamer.
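The defect class described above, as an added example that is not GStreamer's code or its actual patch: a row-by-row copy into frame 0 that refuses to run when the frame pointer is NULL. The names `mock_frame`, `mock_frame_map`, `flush_checked` and `flow_ret` are hypothetical, and modelling the NULL frame as a failed mapping step is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a mapped video frame; not GStreamer's types. */
typedef struct { uint8_t *plane0; size_t stride; } mock_frame;
typedef enum { FLOW_OK = 0, FLOW_ERROR = -1 } flow_ret;

/* Mock mapper (assumption): fails and leaves plane0 NULL when no backing store exists. */
static int mock_frame_map(mock_frame *f, uint8_t *backing, size_t stride)
{
    f->plane0 = backing;
    f->stride = stride;
    return backing != NULL;
}

/* Copy `height` rows of `row_bytes` into frame 0. An unchecked variant would go
 * straight to memcpy(out_pix, ...) and fault when out_pix is NULL. */
flow_ret flush_checked(uint8_t *backing, size_t dst_stride,
                       const uint8_t *in_pix, size_t in_stride,
                       size_t row_bytes, size_t height)
{
    mock_frame frame;
    if (!mock_frame_map(&frame, backing, dst_stride) || frame.plane0 == NULL)
        return FLOW_ERROR;   /* no destination: report an error instead of writing */
    if (in_pix == NULL || row_bytes > dst_stride || row_bytes > in_stride)
        return FLOW_ERROR;   /* a row must fit inside both strides */

    uint8_t *out_pix = frame.plane0;
    for (size_t y = 0; y < height; y++) {
        memcpy(out_pix, in_pix, row_bytes);
        out_pix += frame.stride;
        in_pix  += in_stride;
    }
    return FLOW_OK;
}

int main(void)
{
    const uint8_t src[8] = {1, 2, 3, 4, 5, 6, 7, 8};   /* constructed 4x2 image */
    uint8_t dst[8] = {0};
    printf("NULL frame: %d\n", flush_checked(NULL, 4, src, 4, 4, 2));
    printf("valid frame: %d\n", flush_checked(dst, 4, src, 4, 4, 2));
    return 0;
}
```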
Affected Products
- GStreamer Project GStreamer
Affected Vendors
- GStreamer Project