EUVD-2025-23943

Malicious code in bioql PyPI...

EUVD-2025-23942

Malicious code in bioql PyPI...

Amazon Linux 2 : gstreamer1-plugins-base, --advisory ALAS2-2025-3002 (ALAS-2025-3002)

The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3002 advisory. In GStreamer through 1.26.1, the subparse plugin's parsesubriptime function may write data past the bound...

Medium: gstreamer1-plugins-base

Issue Overview: In GStreamer through 1.26.1, the subparse plugin's parsesubriptime function may write data past the bounds of a stack buffer, leading to a crash. CVE-2025-47806 In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer whil...

TencentOS Server 4: gstreamer1-plugins-base (TSSA-2025:0674)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0674 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

AZL-66189 CVE-2025-47807 affecting package gstreamer1-plugins-base 1.20.0-3

In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

CVE-2025-47807

In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

CVE-2025-47807

In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

CVE-2025-47806

In GStreamer through 1.26.1, the subparse plugin's parsesubriptime function may write data past the bounds of a stack buffer, leading to a crash...

CVE-2025-47806

In GStreamer through 1.26.1, the subparse plugin's parsesubriptime function may write data past the bounds of a stack buffer, leading to a crash...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the parsesubriptime function in the gst/subparse/gstsubparse.c. An attacker can cause a crash by providing specially crafted input that results in writing data past the bounds of a stack buffer. Remediati...

CVE-2025-47806

In GStreamer through 1.26.1, the subparse plugin's parsesubriptime function may write data past the bounds of a stack buffer, leading to a crash...

CVE-2025-47807

CVE-2025-47807 affects GStreamer up to 1.26.1: the subparse plugin’s subrip_unescape_formatting may dereference a NULL pointer while parsing subtitle files, causing a crash (DoS). Connected advisories confirm the issue across distributions: Debian DLA-4371-1 fixes gst-plugins-base1.0 on Debian 11...

CVE-2025-47807

In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

CVE-2025-47806

CVE-2025-47806 affects the GStreamer base plugins’ subparse plugin, specifically the parse_subrip_time function, which can write past the bounds of a stack buffer in releases up to 1.26.1. This may cause a crash/DoS. Public advisories confirm fixes in downstream packaging: Debian 11 bullseye (gst...

CVE-2025-47808

In GStreamer through 1.26.1, the subparse plugin's tmplayerparseline function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...