CVE-2024-47599NULL Pointer Dereference in Gstreamer

CWE-476NULL Pointer Dereference13 documents5 sources
Severity
6.8MEDIUMNVD
OSV4.7
EPSS
0.1%
top 78.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GstreamerLinux KernelDebian Gst-plugins-good1.0
Timeline
PublishedDec 12
Latest updateMar 24

Description

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerab

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

NVDgstreamer/gstreamer< 1.24.10
debiandebian/gst-plugins-good1.0< gst-plugins-good1.0 1.22.0-5+deb12u2 (bookworm)
Ubuntulinux/linux_kernel< 4.4.0-278.312+1

Patches

Patch: gitlab.freedesktop.org

🔴Vulnerability Details

9
OSV
linux-azure, linux-azure-4.15 vulnerabilities2026-03-24
OSV
linux-azure vulnerabilities2026-03-24
OSV
linux-azure-fips vulnerabilities2026-03-24
OSV
linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities2026-03-20
OSV
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities2026-03-20

📋Vendor Advisories

3
Ubuntu
GStreamer Good Plugins vulnerabilities2024-12-18
Red Hat
gstreamer1-plugins-good: insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences2024-12-11
Debian
CVE-2024-47599: gst-plugins-good1.0 - GStreamer is a library for constructing graphs of media-handling components. A n...2024