Use After Free Affecting gstreamer1-plugins-good package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RHEL7-GSTREAMER1PLUGINSGOOD-8501892
- published13 Dec 2024
- disclosed11 Dec 2024
Introduced: 11 Dec 2024
NewCVE-2024-47834 (opens in a new tab)How to fix?
There is no fixed version for RHEL:7 gstreamer1-plugins-good.
NVD Description
Note: Versions mentioned in the description apply only to the upstream gstreamer1-plugins-good package and not the gstreamer1-plugins-good package as distributed by RHEL.
See How to fix? for RHEL:7 relevant fixed versions and status.
GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.