GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gstreamer | Gstreamer_project | * | 1.24.10 (excluding) |
| Red Hat Enterprise Linux 9 | RedHat | gstreamer1-plugins-good-0:1.22.12-4.el9 | * |
| Gst-plugins-good1.0 | Ubuntu | esm-infra/focal | * |
| Gst-plugins-good1.0 | Ubuntu | focal | * |
| Gst-plugins-good1.0 | Ubuntu | jammy | * |
| Gst-plugins-good1.0 | Ubuntu | noble | * |
| Gst-plugins-good1.0 | Ubuntu | oracular | * |
| Gst-plugins-good1.0 | Ubuntu | upstream | * |