PT-2024-9587 · Gstreamer+9 · Gstreamer+9

Antonio Morales

+1

·

Published

2024-10-07

·

Updated

2025-10-07

·

CVE-2024-47835

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.24.10
Description A null pointer dereference issue has been identified in the parse lrc function within gstsubparse.c. This function calls strchr() to find the character ']' in the string line. If the string line does not contain the character ']', strchr() returns NULL, and a subsequent call to g strdup(start + 1) leads to a null pointer dereference. This issue can be exploited to cause a denial of service.
Recommendations For versions prior to 1.24.10, update to version 1.24.10 to resolve the issue. As a temporary workaround, consider disabling the parse lrc function until a patch is available. Restrict access to the vulnerable gstsubparse.c module to minimize the risk of exploitation. Avoid using the parse lrc function in the affected API endpoint until the issue is resolved.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025:7243
ALSA-2025_7243
ALT-PU-2025-2299
AZL-54303
AZL-54350
AZL-62363
BDU:2024-11294
CVE-2024-47835
DLA-3999-1
DSA-5831-1
INFSA-2025_7243
MGASA-2025-0040
OESA-2024-2563
OPENSUSE-SU-2024:14577-1
OPENSUSE-SU-2025_0054-1
OPENSUSE-SU-2025_0065-1
OPENSUSE-SU-2025_0069-1
RHSA-2025:7243
RHSA-2025_7243
SUSE-SU-2025:0052-1
SUSE-SU-2025:0054-1
SUSE-SU-2025:0065-1
SUSE-SU-2025:0069-1
SUSE-SU-2025:02020-1
SUSE-SU-2025:20134-1
SUSE-SU-2025:20241-1
SUSE-SU-2025_02020-1
USN-7175-1
USN-7807-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Gstreamer
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu