Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-47599

Опубликовано: 11 дек. 2024
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.

A flaw was found in the GStreamer library. Insufficient error handling in the JPEG decoder can lead to NULL-pointer dereferences and cause crashes for certain input files, making it possible for a malicious actor to trigger a crash of the application.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10gstreamer1-plugins-goodNot affected
Red Hat Enterprise Linux 7gstreamer1-plugins-goodOut of support scope
Red Hat Enterprise Linux 8gstreamer1-plugins-goodOut of support scope
Red Hat Enterprise Linux 9gstreamer1-plugins-goodFixedRHSA-2025:724213.05.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2331748gstreamer1-plugins-good: insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences

EPSS

Процентиль: 50%
0.00268
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-47599

CVSS3: 7.5
ubuntu
6 месяцев назад

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.

nvd логотип

CVE-2024-47599

CVSS3: 7.5
nvd
6 месяцев назад

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.

debian логотип

CVE-2024-47599

CVSS3: 7.5
debian
6 месяцев назад

GStreamer is a library for constructing graphs of media-handling compo ...

fstec логотип

BDU:2025-00874

CVSS3: 7.5
fstec
6 месяцев назад

Уязвимость функции gst_jpeg_dec_negotiate мультимедийного фреймворка Gstreamer, позволяющая нарушителю вызвать отказ в обслуживании

oracle-oval логотип

ELSA-2025-7242

oracle-oval
около 1 месяца назад

ELSA-2025-7242: gstreamer1-plugins-good security update (MODERATE)

EPSS

Процентиль: 50%
0.00268
Низкий

5.5 Medium

CVSS3