GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

A flaw was found in GStreamer. This out-of-bounds write vulnerability in the DVB Digital Video Broadcasting Subtitles handling allows remote attackers to execute arbitrary code. The issue stems from improper validation of user-supplied coordinate data, which can lead to writing beyond the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035i2cmasterxfer In af9035i2cmasterxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed. Maliciou...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: media: dvbdev: Fixed a memory leak in dvbMediaDeviceFree. The function dvbMediaDeviceFree leaks memory. It is necessary to free the dvbdev-adapter-conn object before setting it to NULL, as documented in...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A issue was discovered in the Linux kernel through version 6.0.10. In the file drivers/media/dvb-core/dvbcaen50221.c, a use-after-free condition can occur due to the lack of a waitevent after a disconnection occurs...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the file drivers/media/dvb-core/dmxdev.c within the Linux kernel, up to version 5.19.10, a use-after-free condition has occurred due to race conditions related to reference counts, affecting the functions dvbdemuxopen and dvbdmxdevrelease...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix nullptrderef in gl861i2cmasterxfer In gl861i2cmasterxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed. Malicious dat...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fixed a use-after-free in vidtvbridgedvbinit. KASAN reports a use-after-free: BUG: KASAN: use-after-free in dvbdmxdevrelease+0x4d5/0x5d0 dvbcore Call trace: … dvbdmxdevrelease+0x4d5/0x5d0 dvbcore...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010779 advisory. In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvbregisterdevice In function dvbregisterdevice -...

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

A flaw was found in GStreamer. This out-of-bounds write vulnerability in the DVB Digital Video Broadcasting Subtitles handling allows remote attackers to execute arbitrary code. The issue stems from improper validation of user-supplied coordinate data, which can lead to writing beyond the...

CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

PT-2026-30573

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the dvb-net module related to out-of-bounds access in ULE extension header tables. The ule mandatory ext handlers and ule optional ext handlers...

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

A flaw was found in GStreamer. This out-of-bounds write vulnerability in the DVB Digital Video Broadcasting Subtitles handling allows remote attackers to execute arbitrary code. The issue stems from improper validation of user-supplied coordinate data, which can lead to writing beyond the...

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

A flaw was found in GStreamer. This out-of-bounds write vulnerability in the DVB Digital Video Broadcasting Subtitles handling allows remote attackers to execute arbitrary code. The issue stems from improper validation of user-supplied coordinate data, which can lead to writing beyond the...

UBUNTU-CVE-2026-2923

GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005670)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005670 advisory. In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvbregisterdevice In function dvbregisterdevice -...

MiracleLinux 8 : kernel-4.18.0-513.9.1.el8_9 (AXSA:2024-7403:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7403:01 advisory. kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe CVE-2023-2163 kernel: tun: bugs for oversize...

media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()

...

CVE-2025-68819

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100i2cmsg rlen value is a user-controlled value, but dtv5100i2cmsg does not check the size of the rlen value. Therefore, if it is set to a value larger than sizeofst-data, an...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003272)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003272 advisory. drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIGVMAPSTACK option, which allows local users...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003314)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003314 advisory. drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIGVMAPSTACK option, which allows local users...