CVE-2024-4453Integer Overflow or Wraparound in Gstreamer

CWE-190Integer Overflow or Wraparound8 documents6 sources
Severity
7.8HIGHNVD
OSV8.8
EPSS
3.3%
top 12.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Gst-plugins-base1.0GstreamerDebian Linux
Timeline
PublishedMay 22
Latest updateOct 7

Description

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer ov

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5gstreamer/gstreamerfc0ef6ede6ceda8c89326b38899d4944a8091f40 and 1.24.0
NVDgstreamer/gstreamer1.24.0, 1.24.1+1
debiandebian/gst-plugins-base1.0< gst-plugins-base1.0 1.22.0-3+deb12u2 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: gitlab.freedesktop.orgPatch: gitlab.freedesktop.org

🔴Vulnerability Details

3
OSV
gst-plugins-base1.0 vulnerabilities2025-10-07
GHSA
GHSA-wxq9-8346-gp9m: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability2024-05-22
OSV
CVE-2024-4453: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability2024-05-22

📋Vendor Advisories

4
Ubuntu
GStreamer Base Plugins vulnerabilities2025-10-07
Ubuntu
GStreamer Base Plugins vulnerability2024-05-29
Red Hat
gstreamer: EXIF Metadata Parsing Integer Overflow2024-05-22
Debian
CVE-2024-4453: gst-plugins-base1.0 - GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerabi...2024
CVE-2024-4453 — Integer Overflow or Wraparound | cvebase