PT-2024-10373 · Gstreamer+9
Antonio Morales +1 · Published 2024-12-09 · Updated 2025-10-07 · CVE-2024-47542
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
GStreamer versions prior to 1.24.10
Description
A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This issue can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV).
Recommendations
For versions prior to 1.24.10, update to version 1.24.10 to resolve the issue. As a temporary workaround, consider disabling the id3v2_read_synch_uint function until a patch is available. Restrict access to the id3v2.c module to minimize the risk of exploitation. Avoid using the work->hdr.frame_data parameter in the affected function until the issue is resolved.
Exploit
Fix
DoS
Out of bounds Read
NULL Pointer Dereference
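The missing validation described above, sketched as an added example (not GStreamer's id3v2.c code and not part of the original advisory): a synch-safe integer reader that checks the buffer pointer before reading it. The struct, the function names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a parsed ID3v2 frame; not GStreamer's struct. */
struct id3_frame {
    const uint8_t *frame_data;   /* may be NULL: the case the advisory describes */
    size_t frame_data_size;
};

/* Decode a synch-safe integer: 7 payload bits per byte, most significant first.
 * Returns 0 on success, -1 when the input is absent or malformed. */
int synchsafe_decode(const uint8_t *data, size_t size, uint32_t *out)
{
    uint32_t result = 0;

    /* Validate before any data[i] access: this is the missing check. */
    if (data == NULL || out == NULL || size == 0 || size > 4)
        return -1;
    for (size_t i = 0; i < size; i++) {
        if (data[i] & 0x80)          /* high bit set: not synch-safe */
            return -1;
        result = (result << 7) | data[i];
    }
    *out = result;
    return 0;
}

/* Caller-side guard: reject the frame instead of passing NULL downstream. */
int frame_read_length(const struct id3_frame *f, uint32_t *out)
{
    if (f == NULL || f->frame_data == NULL || f->frame_data_size < 4)
        return -1;
    return synchsafe_decode(f->frame_data, 4, out);
}

/* Constructed sample inputs. */
const uint8_t SAMPLE_OK[4]  = {0x00, 0x00, 0x02, 0x01};   /* (2 << 7) | 1 = 257 */
const uint8_t SAMPLE_BAD[4] = {0x00, 0x00, 0x80, 0x01};   /* high bit set */

int main(void)
{
    struct id3_frame ok = {SAMPLE_OK, 4}, empty = {NULL, 0}, bad = {SAMPLE_BAD, 4};
    uint32_t v = 0;

    printf("ok:    rc=%d len=%u\n", frame_read_length(&ok, &v), (unsigned)v);
    printf("empty: rc=%d\n", frame_read_length(&empty, &v));
    printf("bad:   rc=%d\n", frame_read_length(&bad, &v));
    return 0;
}
```

Returning an error code for the empty frame lets the caller skip the malformed tag, where an unchecked read would end the process with a SEGV.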
Affected Products
Alt Linux
Almalinux
Astra Linux
Gstreamer
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu