Lucene search
K

4478 matches found

RedHat Linux
RedHat Linux
added 4 days ago4 views

gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...

7.1CVSS6AI score0.00301EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago6 views

Important: Red Hat Security Advisory: gstreamer1-plugins-good security update

An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.6CVSS6.2AI score0.0031EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 4 days ago4 views

gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

7.6CVSS6.4AI score0.0031EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago3 views

gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8CVSS6.6AI score0.0053EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago6 views

Important: Red Hat Security Advisory: gstreamer1-plugins-bad-free security update

An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.2AI score0.0053EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago6 views

gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS6AI score0.0031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago3 views

gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...

7.1CVSS6AI score0.00301EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago3 views

gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS6AI score0.0031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago5 views

Moderate: Red Hat Security Advisory: gstreamer1-plugins-ugly-free security update

An update for gstreamer1-plugins-ugly-free is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.1CVSS6AI score0.00228EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 4 days ago5 views

gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer audio stream header parser

A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...

7.1CVSS6AI score0.00228EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago4 views

gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer FILEINFO metadata parser

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS5.9AI score0.00221EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago6 views

gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

7.6CVSS6.4AI score0.0031EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago5 views

Important: Red Hat Security Advisory: gstreamer1-plugins-good security update

An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.6CVSS6.2AI score0.0031EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 4 days ago6 views

gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer audio stream header parser

A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...

7.1CVSS6AI score0.00228EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago8 views

Moderate: Red Hat Security Advisory: gstreamer1-plugins-ugly-free security update

An update for gstreamer1-plugins-ugly-free is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.1CVSS6AI score0.00228EPSS
Exploits0References2
NVD
NVD
added 5 days ago10 views

CVE-2026-14935

A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...

3.7CVSS0.0015EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42051

A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...

3.7CVSS6AI score0.0015EPSS
Exploits0References4
CVE
CVE
added 5 days ago11 views

CVE-2026-14935

GStreamer webrtcbin contains a logic flaw in _check_sdp_crypto(): an inverted presence check allows remote SDP offers/answers without the a=fingerprint attribute, while rejecting ones that include it. This could let an attacker intercepting WebRTC signaling bypass the SDP-level DTLS certificate f...

3.7CVSS6AI score0.0015EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-14935 Gstreamer: gstreamer: webrtcbin accepts remote sdp without a=fingerprint due to inverted presence check

A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...

3.7CVSS0.0015EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-14935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept...

3.7CVSS6.1AI score0.0015EPSS
Exploits0References4
Rows per page
Query Builder