CVE-2024-47834
EUVD-2024-4283812.12.2024, 02:03
GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gstreamer | gstreamer | 𝑥 < 1.24.10 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gst-plugins-good0.10 |
| ||||||||||||||||
| gst-plugins-good1.0 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gstreamer-plugins-good |
| ||||||||||||||||||||||||
| gstreamer-plugins-good-lang |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration