PT-2024-10369 · Gstreamer+10 · Gstreamer+10

Antonio Morales

Published

2024-12-11

Updated

2025-06-24

CVE-2024-47599

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.24.10

Description The issue is related to a null pointer dereference vulnerability in the gst jpeg dec negotiate function. This vulnerability can be exploited by a remote attacker to cause a Denial of Service (DoS) by triggering a segmentation fault. The vulnerability occurs because the gst jpeg dec negotiate function does not check for a NULL return value from gst video decoder set output state, leading to null pointer dereferences.

Recommendations For versions prior to 1.24.10, update to version 1.24.10 or later to resolve the issue. As a temporary workaround, consider disabling the gst jpeg dec negotiate function until a patch is available.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025:7242

ALSA-2025_7242

ALT-PU-2025-2299

AZL-62387

BDU:2025-00874

CVE-2024-47599

DLA-4071-1

DSA-5838-1

INFSA-2025_7242

MGASA-2025-0040

OESA-2024-2592

OESA-2024-2593

OESA-2024-2594

OESA-2024-2595

OESA-2024-2596

OPENSUSE-SU-2024:14578-1

OPENSUSE-SU-2025_0055-1

OPENSUSE-SU-2025_0064-1

OPENSUSE-SU-2025_0067-1

RHSA-2025:7242

RHSA-2025_7242

SUSE-SU-2025:00063-1

SUSE-SU-2025:0055-1

SUSE-SU-2025:0063-1

SUSE-SU-2025:0064-1

SUSE-SU-2025:0067-1

SUSE-SU-2025:02055-1

SUSE-SU-2025_02055-1

USN-7176-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Debian

Gstreamer

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-10369 · Gstreamer+10 · Gstreamer+10

CVE-2024-47599

Weakness Enumeration

Related Identifiers

Affected Products

References · 189