Gstreamer
CVE-2024-47834
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.
AnalysisAI
A use-after-free vulnerability in GStreamer's Matroska demuxer allows remote attackers to cause denial of service or potentially disclose sensitive information by sending specially crafted Matroska media files. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered without authentication when processing CodecPrivate elements in Matroska streams. No active exploitation has been reported (not in KEV), and no public proof-of-concept exists, though the network-accessible nature and low complexity make it a credible threat.
Technical ContextAI
GStreamer is a widely-used multimedia framework for constructing media processing pipelines, affected versions identified through CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability stems from a use-after-free condition (CWE-416) in the Matroska demuxer component, where memory allocated for CodecPrivate elements via gst_ebml_read_binary is freed in gst_matroska_track_free but subsequently accessed in caps_serialize through gst_value_serialize_buffer. This classic memory management flaw occurs during the parsing of Matroska container format files, which are commonly used for video content delivery across web and streaming platforms.
RemediationAI
Upgrade GStreamer to version 1.24.10 or later, which contains the fix available at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch. For systems that cannot immediately upgrade, implement input validation to reject or sanitize Matroska files from untrusted sources, and consider sandboxing media processing operations to limit impact. Review the vendor security advisory at https://gstreamer.freedesktop.org/security/sa-2024-0030.html for additional guidance and verify all GStreamer-dependent applications are updated.
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write an
A heap-based buffer overflow vulnerability exists in GStreamer's RTSP connection parser that allows remote attackers to
An integer overflow vulnerability in the GStreamer multimedia framework's matroska demuxer allows heap memory corruption
A critical integer overflow vulnerability in GStreamer's qtdemux element allows attackers to trigger denial of service o
A critical integer overflow vulnerability in the GStreamer multimedia framework's Matroska (MKV) demuxer can cause denia
An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory
An integer overflow vulnerability in GStreamer's AVI demux element allows attackers to trigger a heap overwrite when par
A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska
An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation fault
Same weakness CWE-416 – Use After Free
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today