Vulnerabilities > CVE-2024-47601 - NULL Pointer Dereference vulnerability in Gstreamer Project Gstreamer

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
gstreamer-project
CWE-476
NVD
Published: 2024-12-12
Updated: 2024-12-18

Summary

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10.

Vulnerable Configurations

Part Description Count
Application
Gstreamer_Project
173

Common Weakness Enumeration (CWE)

References