{"id":"CVE-2024-47540","summary":"GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer","details":"GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size \u003c 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem-\u003eallocator-\u003emem_unmap_full or mem-\u003eallocator-\u003emem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.","modified":"2026-04-10T05:17:23.577810Z","published":"2024-12-11T18:54:04.383Z","related":["ALSA-2024:11122","ALSA-2024:11299","MGASA-2025-0040","SUSE-SU-2025:00063-1","SUSE-SU-2025:0055-1","SUSE-SU-2025:0063-1","SUSE-SU-2025:0064-1","SUSE-SU-2025:0067-1","SUSE-SU-2025:02053-1","SUSE-SU-2025:02055-1","SUSE-SU-2025:02058-1","SUSE-SU-2025:02347-1","openSUSE-SU-2025:14699-1"],"database_specific":{"cwe_ids":["CWE-457"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47540.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://gstreamer.freedesktop.org/security/sa-2024-0017.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47540.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47540"},{"type":"ADVISORY","url":"https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/"},{"type":"FIX","url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gstreamer/gstreamer","events":[{"introduced":"0"},{"fixed":"5be4b6f03689ab438822f6cfcd13f1f300afe203"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.24.10"}]}}],"versions":["1.0.0","1.0.1","1.0.2","1.1.1","1.1.2","1.1.3","1.1.4","1.1.90","1.10.0","1.11.0","1.11.1","1.11.2","1.11.90","1.11.91","1.12.0","1.13.1","1.13.90","1.13.91","1.14.0","1.15.1","1.15.2","1.15.90","1.16.0","1.17.1","1.17.2","1.17.90","1.18.0","1.19.1","1.19.2","1.19.3","1.19.90","1.2.0","1.20.0","1.21.1","1.21.2","1.21.3","1.21.90","1.22.0","1.23.1","1.23.2","1.23.90","1.24.0","1.24.1","1.24.2","1.24.3","1.24.4","1.24.5","1.24.6","1.24.7","1.24.8","1.24.9","1.3.1","1.3.2","1.3.3","1.3.90","1.3.91","1.4.0","1.5.1","1.5.2","1.5.90","1.5.91","1.6.0","1.7.1","1.7.2","1.7.90","1.7.91","1.8.0","1.9.1","1.9.2","1.9.90","BEFORE_INDENT","BRANCH-AUTOPLUG2-ROOT","BRANCH-BUILD1-200112061-ROOT","BRANCH-BUILD1-200112101-ROOT","BRANCH-BUILD1-20011216-FREEZE","BRANCH-BUILD1-ROOT","BRANCH-CAPSNEGO1-ROOT","BRANCH-ERROR-ROOT","BRANCH-EVENTS1-200110161-ROOT","BRANCH-EVENTS1-ROOT","BRANCH-EVENTS2-ROOT","BRANCH-GOBJECT1-200106241-ROOT","BRANCH-GOBJECT1-ROOT","BRANCH-GSTREAMER-0_6-ROOT","BRANCH-GSTREAMER-0_8-ROOT","BRANCH-INCSCHED1-200104161-ROOT","BRANCH-INCSCHED1-200104251-ROOT","BRANCH-INCSCHED1-200105231-ROOT","BRANCH-INCSCHED1-200105251-ROOT","BRANCH-INCSCHED1-ROOT","BRANCH-PLUGINVER1-20010422-ROOT","BRANCH-PLUGINVER1-ROOT","BRANCH-RELEASE-0_3_3-ROOT","BRANCH-RELEASE-0_3_4-ROOT","BRANCH-RELEASE-0_4_0-ROOT","BRANCH-RELEASE-0_4_1-ROOT","BRANCH-RELEASE-0_4_2-ROOT","BRANCH-RELEASE-0_5_0-ROOT","BRANCH-RELEASE-0_5_1-ROOT","BRANCH-RELEASE-0_5_2-ROOT","BRANCH-RELEASE-0_7_2-ROOT","BRANCH-RELEASE-0_7_4-ROOT","BRANCH-RELEASE-0_7_5-ROOT","CAPS-MERGE-1","CAPS-MERGE-2","CAPS-MERGE-3","CAPS-ROOT","CHANGELOG_START","DEBIAN-0_3_1-1","EVENTS1-200110161-FREEZE","GIT_CONVERSION","GOBJECT1-200106241","GOBJECT1-200106241-FREEZE","HEAD-20010306-PRE_AUTOPLUG2","HEAD-20010312-PRE_CAPSNEGO1","INCSCHED1-200105251","INCSCHED1-200105251-FREEZE","MOVE-TO-FDO","OSLOSUMMIT1-200303051","PLUGINVER1-20010422","PLUGINVER1-20010422-FREEZE","RELEASE-0.10.23","RELEASE-0.10.24","RELEASE-0.10.25","RELEASE-0.10.26","RELEASE-0.10.27","RELEASE-0.10.28","RELEASE-0.10.29","RELEASE-0.10.30","RELEASE-0.10.31","RELEASE-0.11.0","RELEASE-0.11.1","RELEASE-0.11.2","RELEASE-0.11.90","RELEASE-0.11.91","RELEASE-0.11.92","RELEASE-0.11.93","RELEASE-0.11.94","RELEASE-0.11.99","RELEASE-0_10_0","RELEASE-0_10_1","RELEASE-0_10_10","RELEASE-0_10_11","RELEASE-0_10_12","RELEASE-0_10_13","RELEASE-0_10_14","RELEASE-0_10_15","RELEASE-0_10_16","RELEASE-0_10_17","RELEASE-0_10_18","RELEASE-0_10_2","RELEASE-0_10_20","RELEASE-0_10_21","RELEASE-0_10_22","RELEASE-0_10_3","RELEASE-0_10_4","RELEASE-0_10_5","RELEASE-0_10_6","RELEASE-0_10_7","RELEASE-0_10_8","RELEASE-0_10_9","RELEASE-0_1_0-SLIPSTREAM","RELEASE-0_1_1-DUCTTAPE","RELEASE-0_2_0-CRITICALMASS","RELEASE-0_2_1-SEDIMASTER","RELEASE-0_2_1-UNKN","RELEASE-0_3_0-EVENTFUL","RELEASE-0_3_1-BELGIANBEER","RELEASE-0_3_2-DOBDAY","RELEASE-0_7_1","RELEASE-0_7_2","RELEASE-0_7_3","RELEASE-0_7_6","RELEASE-0_8_0","RELEASE-0_8_1","RELEASE-0_8_2","RELEASE-0_8_3","RELEASE-0_8_4","RELEASE-0_8_6","RELEASE-0_8_7","RELEASE-0_8_8","RELEASE-0_8_9","RELEASE-0_9_2","RELEASE-0_9_3","RELEASE-0_9_4","RELEASE-0_9_5","RELEASE-0_9_6","RELEASE-0_9_7","TYPEFIND-ROOT","monorepo-start","start"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47540.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}