Coordinated Disclosure Timeline
- 2024-09-30: Issue reported at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3866
- 2024-09-30: Issue acknowledged
- 2024-12-03: Fixed and disclosed
Project
GStreamer
Tested Version
- Development version (2024/09/25)
Details
Null pointer dereference in gst_matroska_demux_add_wvpk_header (GHSL-2024-250)
A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c.
This function does not properly check the validity of the stream->codec_priv pointer in the following code:
static GstFlowReturn
gst_matroska_demux_add_wvpk_header (GstElement * element,
    GstMatroskaTrackContext * stream, GstBuffer ** buf)
{
  ...
  /* stream->codec_priv is read here without a NULL check */
  wvh.version = GST_READ_UINT16_LE (stream->codec_priv);
  ...
If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application.
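The guard that the read above is missing, shown as an added example rather than GStreamer's own code or its upstream patch. The track_ctx struct, flow_ret enum and wvpk_read_version function are hypothetical stand-ins for the real types, and the check goes one step beyond the NULL case by also rejecting a codec_priv shorter than the two bytes being read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the track context: only the CodecPrivate
 * pointer and its length matter for this check. */
typedef struct {
  const uint8_t *codec_priv;  /* bytes taken from the file, may be NULL */
  size_t codec_priv_size;     /* number of valid bytes at codec_priv */
} track_ctx;

typedef enum { FLOW_OK = 0, FLOW_ERROR = -1 } flow_ret;

/* Little-endian 16-bit read, the operation GST_READ_UINT16_LE performs. */
static uint16_t read_u16_le (const uint8_t *p)
{
  return (uint16_t) (p[0] | (p[1] << 8));
}

/* Validate CodecPrivate before reading the version field from it. */
static flow_ret wvpk_read_version (const track_ctx *stream, uint16_t *version)
{
  if (stream == NULL || version == NULL)
    return FLOW_ERROR;
  /* Absent or truncated CodecPrivate: fail the track instead of
   * dereferencing NULL or reading past the end of the buffer. */
  if (stream->codec_priv == NULL || stream->codec_priv_size < 2)
    return FLOW_ERROR;
  *version = read_u16_le (stream->codec_priv);
  return FLOW_OK;
}

int main (void)
{
  /* Constructed sample inputs, not taken from a real file. */
  static const uint8_t priv[] = { 0x03, 0x04 };
  track_ctx good = { priv, sizeof priv };
  track_ctx missing = { NULL, 0 };
  track_ctx truncated = { priv, 1 };
  uint16_t v = 0;
  flow_ret r;

  r = wvpk_read_version (&good, &v);
  printf ("valid:     ret=%d version=0x%04x\n", r, (unsigned) v);
  r = wvpk_read_version (&missing, &v);
  printf ("missing:   ret=%d\n", r);
  r = wvpk_read_version (&truncated, &v);
  printf ("truncated: ret=%d\n", r);
  return 0;
}
```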
Impact
This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV).
CVE
- CVE-2024-47602
Credit
This issue was discovered and reported by GHSL team member @antonio-morales (Antonio Morales).
Contact
You can contact the GHSL team at securitylab@github.com. Please include a reference to GHSL-2024-250 in any communication regarding this issue.