CVE-2024-47834 : GStreamer is a library for constructing graphs of media-handling components. An

GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.

Published 2024-12-11 19:18:04

Updated 2024-12-18 19:43:03

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2024-47834

Gstreamer » Gstreamer
Versions before (<) 1.24.10
cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*
Matching versions
Gstreamer Project » Gstreamer
Versions before (<) 1.24.10
cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-47834

EPSS FAQ

0.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 37 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-47834

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H	3.9	5.2	NIST	2024-12-18
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High
5.1	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/V...	N/A	N/A	GitHub, Inc.	2024-12-11
Attack Vector: Local Attack Complexity: Low Attack Requirements: None Privileges Required: None User Interaction: None Confidentiality (VC): Low Integrity (VI): None Availability (VA): Low
5.1	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/V...	N/A	N/A	GitHub, Inc.	2024-12-12
Attack Vector: Local Attack Complexity: Low Attack Requirements: None Privileges Required: None User Interaction: None Confidentiality (VC): Low Integrity (VI): None Availability (VA): Low

CWE ids for CVE-2024-47834

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Assigned by:
- a0819718-46f1-4df5-94e2-005712e83aaa (Primary)
- security-advisories@github.com (Primary)

References for CVE-2024-47834

https://securitylab.github.com/advisories/GHSL-2024-280_Gstreamer/

GHSL-2024-280: Use-After-Free read in Matroska CodecPrivate in GStreamer - CVE-2024-47834 | GitHub Security Lab
Third Party Advisory
https://gstreamer.freedesktop.org/security/sa-2024-0030.html

GStreamer Security Advisory
Release Notes
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch

Patch

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2024-47834

Products affected by CVE-2024-47834

Exploit prediction scoring system (EPSS) score for CVE-2024-47834

CVSS scores for CVE-2024-47834

CWE ids for CVE-2024-47834

References for CVE-2024-47834