PT-2024-9583 · Gstreamer+10 · Gstreamer+10

Antonio Morales

+1

·

Published

2024-09-30

·

Updated

2025-06-24

·

CVE-2024-47603

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.24.10
Description A null pointer dereference vulnerability has been discovered in the gst matroska demux update tracks function within matroska-demux.c. The vulnerability occurs when the gst caps is equal function is called with invalid caps values, potentially leading to a null pointer being returned by GST BUFFER MEM PTR in the gst buffer get size function. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This issue can be exploited to cause a denial of service.
Recommendations For versions prior to 1.24.10, update to version 1.24.10 to resolve the issue. As a temporary workaround, consider restricting the use of the gst matroska demux update tracks function until a patch is available. Avoid using the gst caps is equal function with invalid caps values in the affected API endpoint until the issue is resolved.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025:7242
ALSA-2025_7242
ALT-PU-2025-2299
AZL-62378
BDU:2024-11290
CVE-2024-47603
DLA-4071-1
DSA-5838-1
INFSA-2025_7242
MGASA-2025-0040
OESA-2024-2592
OESA-2024-2593
OESA-2024-2594
OESA-2024-2595
OESA-2024-2596
OPENSUSE-SU-2025_0055-1
OPENSUSE-SU-2025_0064-1
OPENSUSE-SU-2025_0067-1
RHSA-2025:7242
RHSA-2025_7242
SUSE-SU-2025:00063-1
SUSE-SU-2025:0055-1
SUSE-SU-2025:0063-1
SUSE-SU-2025:0064-1
SUSE-SU-2025:0067-1
SUSE-SU-2025:02055-1
SUSE-SU-2025_02055-1
USN-7176-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Gstreamer
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu