CVE-2024-47540
published 2024-12-12


Priority: P258, critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.00% (58.3th percentile)

GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gst-plugins-good1.0 | < gst-plugins-good1.0 1.22.0-5+deb12u2 (bookworm) | gst-plugins-good1.0 1.22.0-5+deb12u2 (bookworm) |
| gstreamer | gstreamer | < 1.24.10 | 1.24.10 |

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered in the `gst_matroska_demux_add_wvpk_header` function within `matroska-demux.c` — monitor for crashes or unexpected execution flow when processing Matroska/WebM files via GStreamer's Matroska/WebM demuxer.
  • Monitor application crashes when processing Matroska/WebM files as a potential indicator of exploitation attempts against this uninitialized stack memory vulnerability.
  • The exploit vector requires a specially crafted Matroska/WebM input file — treat any unexpected Matroska/WebM file from untrusted sources as a potential attack artifact.
  • Vulnerability is fixed in GStreamer 1.24.10; any deployment running an earlier version of gstreamer1-plugins-good is affected. Patch to 1.24.10 or the relevant distro backport.
  • Debian-specific fixed versions vary by release: bookworm fixed in 1.22.0-5+deb12u2, bullseye fixed in 1.18.4-2+deb11u3, forky/sid/trixie fixed in 1.24.10-1.
  • Exploitation requires user interaction — an attacker must trick a user into opening or processing a specially crafted file. Scope is rated local.

CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.6 | HIGH | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | | 8.6 | HIGH | |
| vendor_debian | | 8.6 | HIGH | |
| vendor_redhat | | 8.6 | HIGH | |