216.73.217.22

CVE-2024-47613

· Published 12/12/2024 02:03 · Modified 19/12/2024 22:15

Labels: CVE-2024-47613 2024-12-12CVE-2024-47613CWE-476CWE-787[email protected]

Essential information

Published
12/12/2024 02:03
Modified
19/12/2024 22:15
Author
Creator
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.

NVD status

Status
Modified — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
gstreamer project / gstreamer cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*

References