CLSA-2026-1777460813 gstreamer1-plugins-ugly-free: Fix of 2 CVEs

CVE-2026-2920: asfdemux: error out on files with more than 32 streams - CVE-2026-2922: rmdemux: check fragment overflow before storing - CVE-2026-2922: rmdemux: avoid integer overflow when checking video fragment size...

Debian DLA-2226-1 : gst-plugins-ugly0.10 security update

Two memory management issues were found in the asfdemux element of the GStreamer 'ugly' plugin collection, which can be triggered via a maliciously crafted file. For Debian 8 'Jessie', these problems have been fixed in version 0.10.19-2.1+deb8u1. We recommend that you upgrade your...

CVE-2017-5846

The gstasfdemuxprocessextstreamprops function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service invalid memory read and crash via vectors related to the number of languages in a video file...

Design/Logic Flaw

The gstasfdemuxprocessextcontentdesc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service out-of-bounds heap read via vectors involving extended content descriptors...