Wind River Support Network

HomeDefectsLIN1022-12221
Fixed

LIN1022-12221 : Security Advisory - gstreamer1.0-plugins-good - CVE-2024-47602

Created: Dec 12, 2024    Updated: Mar 4, 2025
Resolved Date: Feb 27, 2025
Found In Version: 10.22.33.1
Fix Version: 10.22.33.20
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace

Description

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.

CREATE(Triage):(User=admin) CVE-2024-47602 (https://nvd.nist.gov/vuln/detail/CVE-2024-47602)
Live chat
Online