Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2024-47613

NULL Pointer Dereference

Published: Dec 12, 2024 | Modified: Dec 19, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-47613
CWEhttps://cwe.mitre.org/data/definitions/476.html

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in gst_gdk_pixbuf_dec_flush within gstgdkpixbufdec.c. This function invokes memcpy, using out_pix as the destination address. out_pix is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to memcpy to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Gstreamer Gstreamer_project * 1.24.10 (excluding)
Red Hat Enterprise Linux 7 Extended Lifecycle Support RedHat gstreamer1-plugins-base-0:1.10.4-3.el7_9 *
Red Hat Enterprise Linux 7 Extended Lifecycle Support RedHat gstreamer1-plugins-good-0:1.10.4-3.el7_9 *
Red Hat Enterprise Linux 8 RedHat gstreamer1-plugins-good-0:1.16.1-5.el8_10 *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat gstreamer1-plugins-good-0:1.16.1-2.el8_2 *
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support RedHat gstreamer1-plugins-good-0:1.16.1-3.el8_4 *
Red Hat Enterprise Linux 8.4 Telecommunications Update Service RedHat gstreamer1-plugins-good-0:1.16.1-3.el8_4 *
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions RedHat gstreamer1-plugins-good-0:1.16.1-3.el8_4 *
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support RedHat gstreamer1-plugins-good-0:1.16.1-3.el8_6 *
Red Hat Enterprise Linux 8.6 Telecommunications Update Service RedHat gstreamer1-plugins-good-0:1.16.1-3.el8_6 *
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions RedHat gstreamer1-plugins-good-0:1.16.1-3.el8_6 *
Red Hat Enterprise Linux 8.8 Extended Update Support RedHat gstreamer1-plugins-good-0:1.16.1-4.el8_8 *
Red Hat Enterprise Linux 9 RedHat gstreamer1-plugins-good-0:1.22.1-3.el9_5 *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions RedHat gstreamer1-plugins-good-0:1.18.4-6.el9_0 *
Red Hat Enterprise Linux 9.2 Extended Update Support RedHat gstreamer1-plugins-good-0:1.18.4-7.el9_2 *
Red Hat Enterprise Linux 9.4 Extended Update Support RedHat gstreamer1-plugins-good-0:1.22.1-3.el9_4 *
Gst-plugins-good1.0 Ubuntu focal *
Gst-plugins-good1.0 Ubuntu jammy *
Gst-plugins-good1.0 Ubuntu noble *
Gst-plugins-good1.0 Ubuntu oracular *
Gst-plugins-good1.0 Ubuntu upstream *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use