Описание
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.24.10-1 |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | not-affected | 1.16.3-0ubuntu1.4 |
| esm-infra/xenial | needs-triage | |
| focal | released | 1.16.3-0ubuntu1.4 |
| jammy | released | 1.20.1-1ubuntu0.4 |
| noble | released | 1.24.2-1ubuntu0.2 |
| oracular | released | 1.24.8-1ubuntu0.1 |
| plucky | not-affected | 1.24.10-1 |
| upstream | released | 1.24.10-1 |
Показывать по
7.5 High
CVSS3
Связанные уязвимости
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling compo ...
Уязвимость функции id3v2_read_synch_uint мультимедийного фреймворка Gstreamer, позволяющая нарушителю ваххаызвать отказ в обслуживании
ELSA-2025-7243: gstreamer1-plugins-base security update (MODERATE)
7.5 High
CVSS3