CVE-2024-47834

Severity: CRITICAL, 9.1 (CVSS 3.1)
Published: 2024-12-12

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
Patch Released: Mar 17, 2026 - 20:45 (nvd)
CVE Published: Dec 12, 2024 - 02:03 (nvd)

Description

GStreamer is a library for constructing graphs of media-handling components. A use-after-free (UAF) read vulnerability has been discovered in the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.

Analysis

A use-after-free vulnerability in GStreamer's Matroska demuxer allows remote attackers to cause denial of service or potentially disclose sensitive information by sending specially crafted Matroska media files. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered without authentication when processing CodecPrivate elements in Matroska streams. No active exploitation has been reported (not in KEV), and no public proof-of-concept exists, though the network-accessible nature and low complexity make it a credible threat.

Technical Context

GStreamer is a widely used multimedia framework for constructing media processing pipelines. The affected versions are identified by the CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability stems from a use-after-free condition (CWE-416) in the Matroska demuxer component, where memory allocated for CodecPrivate elements via gst_ebml_read_binary is freed in gst_matroska_track_free but subsequently accessed in caps_serialize through gst_value_serialize_buffer. This classic memory management flaw occurs during the parsing of Matroska container format files, which are commonly used for video content delivery across web and streaming platforms.

Affected Products

GStreamer versions prior to 1.24.10 are vulnerable, as confirmed by CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:* and the official security advisory at https://gstreamer.freedesktop.org/security/sa-2024-0030.html. The vulnerability affects all applications and systems using the GStreamer framework for media processing, particularly those handling untrusted Matroska/WebM files. Debian LTS has issued updates as noted in https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html, indicating widespread distribution impact.

Remediation

Upgrade GStreamer to version 1.24.10 or later, which contains the fix available at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch. For systems that cannot immediately upgrade, implement input validation to reject or sanitize Matroska files from untrusted sources, and consider sandboxing media processing operations to limit impact. Review the vendor security advisory at https://gstreamer.freedesktop.org/security/sa-2024-0030.html for additional guidance and verify all GStreamer-dependent applications are updated.
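
One way to implement the interim "reject Matroska files from untrusted sources" step is to identify the container by its EBML header rather than by file extension, and refuse it while the local GStreamer is older than 1.24.10. The following is an added example, not code from GStreamer or from the advisory; the function names (read_vint, ebml_doctype, should_reject, sample_header) are hypothetical and the sample header is constructed.

```python
EBML_MAGIC = b"\x1a\x45\xdf\xa3"   # ID of the EBML header element
DOCTYPE_ID = 0x4282                # ID of the DocType element
FIXED_IN = (1, 24, 10)             # fixed release named on this page

def read_vint(buf, pos, keep_marker):
    """Decode one EBML variable-length integer; return (value, next_pos)."""
    if pos >= len(buf) or buf[pos] == 0:
        raise ValueError("truncated or invalid vint")
    first = buf[pos]
    length = 9 - first.bit_length()          # leading zero bits + 1
    if pos + length > len(buf):
        raise ValueError("truncated vint")
    # Element IDs keep the length marker bit, element sizes drop it.
    value = first if keep_marker else first & (0xFF >> length)
    for byte in buf[pos + 1:pos + length]:
        value = (value << 8) | byte
    return value, pos + length

def ebml_doctype(head):
    """Return the DocType of an EBML file, "unknown" if unparsable, None if not EBML."""
    if not head.startswith(EBML_MAGIC):
        return None
    try:
        size, pos = read_vint(head, 4, keep_marker=False)
        end = min(pos + size, len(head))
        while pos < end:
            elem_id, pos = read_vint(head, pos, keep_marker=True)
            elem_size, pos = read_vint(head, pos, keep_marker=False)
            if elem_id == DOCTYPE_ID:
                return head[pos:pos + elem_size].rstrip(b"\0").decode("ascii", "replace")
            pos += elem_size
    except ValueError:
        pass
    return "unknown"

def should_reject(head, gst_version):
    """True for any EBML container while the local GStreamer predates the fix."""
    version = tuple(int(part) for part in gst_version.strip().split(".")[:3])
    if version >= FIXED_IN:
        return False
    return ebml_doctype(head) is not None    # fail closed on malformed headers

def sample_header(doctype):
    """Constructed sample input: a minimal EBML header, not a real media file."""
    body = b"\x42\x86\x81\x01" + b"\x42\xf7\x81\x01"
    body += b"\x42\x82" + bytes([0x80 | len(doctype)]) + doctype
    return EBML_MAGIC + bytes([0x80 | len(body)]) + body
```

Pass the first few dozen bytes of an upload and the installed GStreamer version string to should_reject. A plain version comparison does not see distribution backports such as the Debian LTS update, so on those systems it keeps rejecting until the version argument is overridden.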

Priority Score

46
KEV: 0
EPSS: +0.1
CVSS: +46
POC: 0
