一、漏洞信息

漏洞编号：[CVE-2024-47602](https://nvd.nist.gov/vuln/detail/CVE-2024-47602)

漏洞归属组件：[gstreamer](https://gitee.com/src-openeuler/gstreamer)

漏洞归属的版本：0.10.36

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.

漏洞公开时间：2024-12-12 10:03:31

漏洞创建时间：2024-12-31 18:12:57

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-47602

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch | |

| security-advisories.github.com | https://gstreamer.freedesktop.org/security/sa-2024-0019.html | |

| security-advisories.github.com | https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/ | |

| suse_bugzilla | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch | https://bugzilla.suse.com/show_bug.cgi?id=1234432 |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47602 | https://bugzilla.suse.com/show_bug.cgi?id=1234432 |

| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-47602 | https://bugzilla.suse.com/show_bug.cgi?id=1234432 |

| suse_bugzilla | https://gstreamer.freedesktop.org/security/sa-2024-0019.html | https://bugzilla.suse.com/show_bug.cgi?id=1234432 |

| suse_bugzilla | https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/ | https://bugzilla.suse.com/show_bug.cgi?id=1234432 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-47602 |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2024-47602 | https://explore.alas.aws.amazon.com/CVE-2024-47602.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47602 | https://explore.alas.aws.amazon.com/CVE-2024-47602.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其它

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch | | security-advisories.github.com |

| | | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch | | suse_bugzilla |

| | | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch | | nvd |

| | | https://gstreamer.freedesktop.org/security/sa-2024-0019.html | | nvd |

| | | https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/ | | nvd |

| | | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 | | debian |

| | | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8058 | | debian |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：