Coordinated Disclosure Timeline

Project

GStreamer

Tested Version

Details

Null pointer dereference in gst_matroska_demux_add_wvpk_header (GHSL-2024-250)

A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c.

This function does not properly check the validity of the stream->codec_priv pointer in the following code:

static GstFlowReturn
gst_matroska_demux_add_wvpk_header (GstElement * element, GstMatroskaTrackContext * stream, GstBuffer ** buf) {
...
  wvh.version = GST_READ_UINT16_LE (stream->codec_priv);
...

If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application.
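The check that is missing above, as an added example (not code from the advisory or from the GStreamer project). It goes one step beyond the text by also requiring at least two readable bytes. `TrackContext`, `FlowReturn`, `read_u16_le` and both `wvpk_version_*` functions are hypothetical stand-ins, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the track context: only the private-data
 * pointer and its length are modelled (assumed names, not the real struct). */
typedef struct {
  const uint8_t *codec_priv;  /* NULL when the file supplies no codec private data */
  size_t codec_priv_size;
} TrackContext;

typedef enum { FLOW_OK = 0, FLOW_ERROR = -1 } FlowReturn;

/* Little-endian 16-bit read; the caller must guarantee 2 readable bytes. */
static uint16_t read_u16_le(const uint8_t *p) {
  return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Mirrors the pattern in the advisory: the pointer is read without any
 * validation, so a NULL codec_priv is dereferenced. Shown for contrast. */
uint16_t wvpk_version_unchecked(const TrackContext *stream) {
  return read_u16_le(stream->codec_priv);
}

/* Hardened form: reject missing or too-short private data and report an
 * error to the caller instead of reading through the pointer. */
FlowReturn wvpk_version_checked(const TrackContext *stream, uint16_t *version) {
  if (stream == NULL || version == NULL)
    return FLOW_ERROR;
  if (stream->codec_priv == NULL || stream->codec_priv_size < 2)
    return FLOW_ERROR;
  *version = read_u16_le(stream->codec_priv);
  return FLOW_OK;
}

/* Constructed sample private data (not taken from a real file). */
static const uint8_t sample_priv[] = { 0x03, 0x04 };

int main(void) {
  uint16_t v = 0;
  TrackContext ok = { sample_priv, sizeof sample_priv };
  TrackContext missing = { NULL, 0 };

  if (wvpk_version_checked(&ok, &v) == FLOW_OK)
    printf("version: 0x%04x\n", v);
  if (wvpk_version_checked(&missing, &v) == FLOW_ERROR)
    printf("missing codec_priv rejected\n");
  return 0;
}
```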

Impact

This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV).

CVE

Credit

This issue was discovered and reported by GHSL team member @antonio-morales (Antonio Morales).

Contact

You can contact the GHSL team at securitylab@github.com. Please include a reference to GHSL-2024-250 in any communication regarding this issue.