PT-2024-10368 · Gstreamer+10 · Gstreamer+10

Antonio Morales

+1

·

Published

2024-12-11

·

Updated

2025-06-24

·

CVE-2024-47602

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.24.10
Description The issue is related to a null pointer dereference vulnerability in the gst matroska demux add wvpk header function. This vulnerability can be exploited by a remote attacker to cause a denial of service. The function does not properly check the validity of the stream->codec priv pointer, which can lead to a crash of the application if stream->codec priv is NULL.
Recommendations For versions prior to 1.24.10, update to version 1.24.10 or later to resolve the issue. As a temporary workaround, consider disabling the gst matroska demux add wvpk header function until a patch is available. Restrict access to the matroska-demux component to minimize the risk of exploitation. Avoid using the stream->codec priv pointer in the affected code until the issue is resolved.

Exploit

Fix

Out of bounds Read

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-476

Related Identifiers

ALSA-2025:7242
ALSA-2025_7242
ALT-PU-2025-2299
AZL-62354
BDU:2025-00873
CVE-2024-47602
DLA-4071-1
DSA-5838-1
INFSA-2025_7242
MGASA-2025-0040
OESA-2024-2592
OESA-2024-2593
OESA-2024-2594
OESA-2024-2595
OESA-2024-2596
OPENSUSE-SU-2025_0055-1
OPENSUSE-SU-2025_0064-1
OPENSUSE-SU-2025_0067-1
RHSA-2025:7242
RHSA-2025_7242
SUSE-SU-2025:00063-1
SUSE-SU-2025:0055-1
SUSE-SU-2025:0063-1
SUSE-SU-2025:0064-1
SUSE-SU-2025:0067-1
SUSE-SU-2025:02055-1
SUSE-SU-2025_02055-1
USN-7176-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Gstreamer
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu