CVE-2024-47601

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.24.10

Description A null pointer dereference vulnerability has been discovered in the gst matroska demux parse blockgroup or simpleblock function within matroska-demux.c. This function does not properly check the validity of the *sub pointer of GstBuffer before performing dereferences, which may result in null pointer dereferences. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For versions prior to 1.24.10, update to version 1.24.10 to resolve the issue. As a temporary workaround, consider disabling the gst matroska demux parse blockgroup or simpleblock function until a patch is available. Restrict access to the matroska-demux.c module to minimize the risk of exploitation. Avoid using the GstBuffer *sub pointer in the affected function until the issue is resolved.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025:7242

ALSA-2025_7242

ALT-PU-2025-2299

AZL-62348

BDU:2025-00870

CVE-2024-47601

DLA-4071-1

DSA-5838-1

INFSA-2025_7242

MGASA-2025-0040

OESA-2024-2592

OESA-2024-2593

OESA-2024-2594

OESA-2024-2595

OESA-2024-2596

OPENSUSE-SU-2024:14578-1

OPENSUSE-SU-2025_0055-1

OPENSUSE-SU-2025_0064-1

OPENSUSE-SU-2025_0067-1

RHSA-2025:7242

RHSA-2025_7242

SUSE-SU-2025:00063-1

SUSE-SU-2025:0055-1

SUSE-SU-2025:0063-1

SUSE-SU-2025:0064-1

SUSE-SU-2025:0067-1

SUSE-SU-2025:02055-1

SUSE-SU-2025_02055-1

USN-7176-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Debian

Gstreamer

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2024-47601

Weakness Enumeration

Related Identifiers

Affected Products

References · 189