Vulnerability Information
Vulnerability Title
GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer
Vulnerability Description
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.
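The pattern described above, reduced to a self-contained C model and added here as an illustration; it is not GStreamer's code or its actual patch. The types and the functions `buffer_map`, `buffer_unmap` and `parse_header_hardened` are hypothetical stand-ins, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a buffer-mapping API; not GStreamer's types. */
struct memory;
struct allocator { void (*mem_unmap)(struct memory *mem); };
struct memory { struct allocator *allocator; const uint8_t *data; size_t size; };
struct map_info { struct memory *memory; const uint8_t *data; size_t size; };

static int unmap_calls; /* counts dispatches through the allocator pointer */
static void counting_unmap(struct memory *mem) { (void)mem; unmap_calls++; }
static struct allocator demo_allocator = { counting_unmap };

static int buffer_map(struct memory *mem, struct map_info *map) {
    map->memory = mem; map->data = mem->data; map->size = mem->size;
    return 1;
}

/* Dispatches through pointers read from *map, so *map must be valid. */
static void buffer_unmap(struct map_info *map) {
    map->memory->allocator->mem_unmap(map->memory);
}

/* Flawed shape (comment only, assumed from the description):
 *     struct map_info map;          // holds stack garbage
 *     if (size < 4) goto cleanup;   // map is never filled in
 *   cleanup:
 *     buffer_unmap(&map);           // follows garbage pointers
 * Hardened shape: zero the structure and unmap only what was mapped. */
int parse_header_hardened(struct memory *mem, uint32_t *first_word) {
    struct map_info map = {0};
    int ret = -1;
    if (mem->size < 4 || !buffer_map(mem, &map))
        goto cleanup;                /* too short: nothing is mapped */
    memcpy(first_word, map.data, sizeof *first_word);
    ret = 0;
cleanup:
    if (map.memory != NULL)          /* skip unmap on the early-exit path */
        buffer_unmap(&map);
    return ret;
}

int main(void) {
    uint8_t shortbuf[3] = {1, 2, 3}; /* constructed 3-byte input */
    struct memory mem = { &demo_allocator, shortbuf, sizeof shortbuf };
    uint32_t w = 0; int ret = parse_header_hardened(&mem, &w);
    printf("ret=%d unmaps=%d\n", ret, unmap_calls); return 0;
}
```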
CVSS Information
N/A
Vulnerability Type
Use of Uninitialized Variable
Vulnerability Title
GStreamer Security Vulnerability
Vulnerability Description
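GStreamer is an open-source framework from GStreamer for processing streaming media. GStreamer has a security vulnerability that stems from an uninitialized stack variable flaw found in the gst_matroska_demux_add_wvpk_header function in matroska-demux.c.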
CVSS Information
N/A
Vulnerability Type
N/A