CVE-2024-0444
Published 2024-06-07
CVE-2024-0444: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary…
Priority P259 · high · 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.56% (72.1th percentile)
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gst-plugins-bad1.0 | < gst-plugins-bad1.0 1.22.0-4+deb12u5 (bookworm) | gst-plugins-bad1.0 1.22.0-4+deb12u5 (bookworm) |
| gstreamer | gstreamer | < 1.22.0 | 1.22.0 |
| gstreamer | gstreamer | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered during parsing of tile list data within AV1-encoded video files; inspect/alert on AV1 video files being processed by GStreamer, particularly those with malformed tile list entries.
- Attack vector involves a crafted AV1-encoded video file delivered to a user for processing; monitor for unexpected AV1 file ingestion by GStreamer-based applications, especially from remote/untrusted sources.
- The vulnerable component is the AV1 codec plugin in GStreamer Bad Plugins (gst-plugins-bad). Confirm presence of the unpatched plugin on the system; on Debian bookworm the fix is in gst-plugins-bad 1.22.0-4+deb12u5 and on bullseye in 1.18.4-3+deb11u4.
- Stack-based buffer overflow occurs in the AV1 tile list parsing code path; a crash (SIGSEGV/stack smash) in a GStreamer process while handling AV1 content is a strong indicator of exploitation attempts.
- Attack vectors vary by implementation; any application embedding GStreamer and processing untrusted AV1 video (browsers, media players, video conferencing tools) is potentially in scope.
CVSS provenance
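| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |
| vendor_ubuntu | | 8.8 | HIGH | |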
Ubuntu
GStreamer Bad Plugins vulnerabilities
vendor_ubuntu·2025-06-05·CVSS 8.8
CVE-2023-50186 [HIGH] GStreamer Bad Plugins vulnerabilities
Title: GStreamer Bad Plugins vulnerabilities
Summary: Several security issues were fixed in GStreamer Bad Plugins.
It was discovered that the AV1 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS. (CVE-2023-50186, CVE-2024-0444)
It was discovered that the H265 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-3887)
Instructions: In general, a standard system update will make all the necessar
Red Hat
gstreamer: AV1 Video Parsing Stack-based Buffer Overflow
vendor_redhat·2024-06-07·CVSS 8.8
CVE-2024-0444 [HIGH] CWE-121 gstreamer: AV1 Video Parsing Stack-based Buffer Overflow
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.
A stack-based buffer overflow flaw was found in
Debian
CVE-2024-0444: gst-plugins-bad1.0 - GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vu...
vendor_debian·2024·CVSS 8.8
CVE-2024-0444 [HIGH] CVE-2024-0444: gst-plugins-bad1.0 - GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vu...
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.
Scope: local
bookworm: resolved (fixed in 1.22.0-4+deb12u5)
bullseye: resolved (fixed in 1.18.4-3+deb11u4)
OSV
gst-plugins-bad1.0 vulnerabilities
osv·2025-06-05·CVSS 8.8
CVE-2023-50186 [HIGH] gst-plugins-bad1.0 vulnerabilities
It was discovered that the AV1 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS. (CVE-2023-50186, CVE-2024-0444)
It was discovered that the H265 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-3887)
GHSA
GHSA-35hr-69cj-v3x3: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ghsa_unreviewed·2024-06-08
CVE-2024-0444 [HIGH] CWE-121 GHSA-35hr-69cj-v3x3: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.
OSV
CVE-2024-0444: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
osv·2024-06-07·CVSS 8.8
CVE-2024-0444 [HIGH] CVE-2024-0444: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f368d63ecd89e01fd2cf0b1c4def5fc782b2c390
- https://www.zerodayinitiative.com/advisories/ZDI-24-567/
Published: 2024-06-07