Debian Linux
CVE-2024-4453
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-23896.
AnalysisAI
An integer overflow vulnerability in GStreamer's EXIF metadata parsing functionality allows remote attackers to execute arbitrary code when processing malicious media files containing crafted EXIF data. The vulnerability affects GStreamer versions 1.24.0 and 1.24.1, requiring user interaction to trigger but potentially leading to full system compromise in the context of the running process. With an EPSS score of 3.61% (88th percentile) indicating moderate real-world exploitation likelihood and patches available, this represents a significant risk for applications using GStreamer for media processing.
Technical ContextAI
GStreamer is a widely-used open-source multimedia framework that processes various media formats including images with EXIF metadata. The vulnerability stems from CWE-190 (Integer Overflow or Wraparound) occurring during EXIF metadata parsing, where insufficient validation of user-supplied data causes an integer overflow before buffer allocation. Based on the CPE data, specifically affected versions include GStreamer 1.24.0 and 1.24.1 (cpe:2.3:a:gstreamer:gstreamer:1.24.0 and cpe:2.3:a:gstreamer:gstreamer:1.24.1), with Debian 10 also listed as affected (cpe:2.3:o:debian:debian_linux:10.0). The Zero Day Initiative tracked this as ZDI-CAN-23896 before public disclosure as ZDI-24-467.
RemediationAI
Apply the official patch available at https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 or upgrade to a patched version of GStreamer beyond 1.24.1. Debian users should follow the guidance in https://lists.debian.org/debian-lts-announce/2024/05/msg00019.html for system-specific updates. Until patching is complete, limit GStreamer's exposure to untrusted media files, particularly those containing EXIF metadata, and consider implementing input validation or sandboxing for media processing operations to minimize potential impact.
More in Debian Linux
View allRoundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows au
GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain
Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, an
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to e
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.2
Same weakness CWE-190 – Integer Overflow or Wraparound
View allShare
External POC / Exploit Code
Leaving vuln.today