CVE-2024-47613

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 12, 2024
Updated: Dec 19, 2024
CWE ID 787
CWE ID 476

Summary

CVE-2024-47613 is a newly identified vulnerability affecting the GStreamer media library. The issue lies in the `gst_gdk_pixbuf_dec_flush` function in `gstgdkpixbufdec.c`. This function calls `memcpy` with `out_pix` as the destination address, which is assumed to point to frame 0 of the frame structure. Under specific conditions, however, `out_pix` can instead point to a NULL frame. The `memcpy` call then attempts to write data to a null address, resulting in a null pointer dereference and a subsequent segmentation fault (SEGV). This DoS vulnerability has been addressed in the 1.24.10 release of GStreamer.
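The pattern the summary describes, modelled as an added example (this is not GStreamer's code or its patch): the unchecked copy next to a checked one that reports a missing destination frame. `demo_frame`, `flush_unchecked`, `flush_checked` and the error codes are hypothetical names, and the row-by-row copy with strides is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a mapped output frame; not GStreamer's type. */
typedef struct {
    uint8_t *plane0;  /* frame 0 pixel data; NULL when no frame was mapped */
    size_t stride;    /* bytes per destination row */
} demo_frame;

enum { FLUSH_OK = 0, FLUSH_ERR_NO_FRAME = -1, FLUSH_ERR_BAD_ARGS = -2 };

/* Unchecked pattern from the summary: out_pix is assumed valid, so an
 * unmapped frame makes memcpy write to address 0. Kept for contrast only. */
void flush_unchecked(const demo_frame *f, const uint8_t *in_pix,
                     size_t in_stride, size_t row_bytes, size_t height)
{
    uint8_t *out_pix = f->plane0;
    for (size_t y = 0; y < height; y++, in_pix += in_stride, out_pix += f->stride)
        memcpy(out_pix, in_pix, row_bytes);
}

/* Checked pattern: refuse to copy when the destination is missing or a row
 * would not fit, and report the failure to the caller instead of crashing. */
int flush_checked(const demo_frame *f, const uint8_t *in_pix,
                  size_t in_stride, size_t row_bytes, size_t height)
{
    if (f == NULL || in_pix == NULL)
        return FLUSH_ERR_BAD_ARGS;
    if (f->plane0 == NULL)
        return FLUSH_ERR_NO_FRAME;
    if (row_bytes > in_stride || row_bytes > f->stride)
        return FLUSH_ERR_BAD_ARGS;
    uint8_t *out_pix = f->plane0;
    for (size_t y = 0; y < height; y++, in_pix += in_stride, out_pix += f->stride)
        memcpy(out_pix, in_pix, row_bytes);
    return FLUSH_OK;
}

int main(void)
{
    uint8_t src[8] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed 4x2 image */
    uint8_t dst[16] = {0};
    demo_frame mapped = { dst, 8 }, unmapped = { NULL, 8 };
    printf("mapped: %d, unmapped: %d\n",
           flush_checked(&mapped, src, 4, 4, 2),
           flush_checked(&unmapped, src, 4, 4, 2));
    return 0;
}
```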


Affected Products

  • Gstreamer Project Gstreamer

Affected Vendors

  • Gstreamer Project