CVE-2024-47602 – A null pointer dereference vulnerability in GSt... (How to Fix)

Q: What is the severity of CVE-2024-47602?

CVE-2024-47602 has a CVSS score of 7.5 (HIGH). A null pointer dereference vulnerability in GStreamer's matroska demuxer can cause application crashes when processing specially crafted media files. This affects any application using GStreamer to handle Matroska container files. The vulnerability allows denial of service attacks against media processing applications.

📋 TL;DR

A null pointer dereference vulnerability in GStreamer's matroska demuxer can cause application crashes when processing specially crafted media files. This affects any application using GStreamer to handle Matroska container files. The vulnerability allows denial of service attacks against media processing applications.

💻 Affected Systems

Products:

GStreamer
Applications using GStreamer library

Versions: GStreamer versions before 1.24.10

Operating Systems: Linux, Windows, macOS, BSD systems with GStreamer

Default Config Vulnerable: ⚠️ Yes

Notes: Any application using GStreamer's matroska demuxer to process .mkv or .webm files is vulnerable.

📦 What is this software?

Gstreamer by Gstreamer Project

View all CVEs affecting Gstreamer →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete application crash leading to denial of service, potentially disrupting media processing services or applications that rely on GStreamer for media playback.

🟠

Likely Case

Application crash when processing malicious Matroska files, causing service disruption in media processing pipelines.

🟢

If Mitigated

No impact if patched version is used or if Matroska file processing is disabled.

🌐 Internet-Facing: MEDIUM - Applications processing user-uploaded media files from the internet are vulnerable to DoS attacks.

🏢 Internal Only: LOW - Internal media processing systems could be affected by malicious files, but attack surface is smaller.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW - Requires only a crafted media file to trigger the crash.

Exploitation requires the application to process a malicious Matroska file. No authentication needed if file processing is accessible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.24.10

Vendor Advisory: https://gstreamer.freedesktop.org/security/sa-2024-0019.html

Restart Required: Yes

Instructions:

1. Update GStreamer to version 1.24.10 or later. 2. For Linux distributions, use package manager: 'sudo apt update && sudo apt upgrade gstreamer1.0' (Debian/Ubuntu) or 'sudo yum update gstreamer' (RHEL/CentOS). 3. Restart applications using GStreamer.

🔧 Temporary Workarounds

Disable Matroska file processing

all

Configure applications to avoid processing Matroska (.mkv, .webm) files until patched.

Application-specific configuration required

🧯 If You Can't Patch

Implement strict file upload validation to block Matroska files
Use application firewalls or WAFs to detect and block malicious media file uploads

🔍 How to Verify

Check if Vulnerable:

Check GStreamer version: 'gst-inspect-1.0 --version' and verify if below 1.24.10

Check Version:

gst-inspect-1.0 --version

Verify Fix Applied:

Confirm version is 1.24.10 or higher: 'gst-inspect-1.0 --version | grep -q "1.24.10" && echo "Patched"'

📡 Detection & Monitoring

Log Indicators:

Application crashes with segmentation faults when processing media files
Core dumps from GStreamer processes

Network Indicators:

Unusual uploads of Matroska files to media processing services

SIEM Query:

Process:gst* AND (EventID:1000 OR Signal:SIGSEGV)

📊 Metadata

CVE ID: CVE-2024-47602

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-125

Published: December 12, 2024

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47602, you might also want to check these: