Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-47602
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-11 Dec, 2024 | 19:10
Updated At-03 Nov, 2025 | 20:39
Rejected At-
▼CVE Numbering Authority (CNA)
GHSL-2024-250: Streamer NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.

Affected Products
Vendor
gstreamer
Product
gstreamer
Versions
Affected
  • < 1.24.10
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476: NULL Pointer Dereference
CWECWE-125CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-476
Description: CWE-476: NULL Pointer Dereference
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
4.06.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/
x_refsource_CONFIRM
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch
x_refsource_MISC
https://gstreamer.freedesktop.org/security/sa-2024-0019.html
x_refsource_MISC
Hyperlink: https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/
Resource:
x_refsource_CONFIRM
Hyperlink: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch
Resource:
x_refsource_MISC
Hyperlink: https://gstreamer.freedesktop.org/security/sa-2024-0019.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html
Resource: N/A
Details not found