NULL Pointer Dereference Affecting gstreamer/gstreamer package, versions [,1.24.10)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about NULL Pointer Dereference vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-UNMANAGED-GSTREAMERGSTREAMER-8501871
  • published13 Dec 2024
  • disclosed11 Dec 2024
  • creditAntonio Morales

Introduced: 11 Dec 2024

NewCVE-2024-47602  (opens in a new tab)
CWE-476  (opens in a new tab)

How to fix?

Upgrade gstreamer/gstreamer to version 1.24.10 or higher.

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference through the gst_matroska_demux_add_wvpk_header function. An attacker can cause the application to crash.

CVSS Scores

version 4.0
version 3.1