Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. This function does not properly check the validity of the stream-codecpriv pointer. If...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gstmatroskademuxupdatetracks function within matroska-demux.c. The vulnerability occurs when the gstcapsisequal function is called with invalid caps...

CVE-2026-55203

HAProxy

CVE-2026-55203 HAProxy - Integer Overflow in FCGI Demux Record Length Field

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

CVE-2026-46470

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxaudiocaps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

EUVD-2026-30350

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxaudiocaps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

Unity Linux 20.1070e Security Update: gstreamer1-plugins-good (UTSA-2026-017385)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017385 advisory. Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing matroska files. Potential for arbitra...

PT-2026-38860

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux parse trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

PT-2026-38834

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract cc from data function within qtdemux.c. In the FOURCC c708 case, the subtraction atom length - 8 may result in an underflow if atom length is less than 8. When that...

BIT-JAVA-MIN-2024-47606 GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...

BIT-JAVA-2024-47545 GHSL-2024-242: GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemuxparsetrak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happen...

PT-2026-37815

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux parse samples within qtdemux.c. This issue arises when the function qtdemux parse samples reads data beyond the boundaries of the stream-stco buffer. The following co...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the file drivers/media/dvb-core/dmxdev.c within the Linux kernel, up to version 5.19.10, a use-after-free condition has occurred due to race conditions related to reference counts, affecting the functions dvbdemuxopen and dvbdmxdevrelease...

Astra Linux – Vulnerability in gst-plugins-good1.0

Integer overflow in the avidemux element within the gstavidemuxinvert function, which allows for a heap overwrite during the parsing of AVI files. There is a potential for arbitrary code execution due to the heap overwrite...

OSV-2026-49 Heap-buffer-overflow in check_sync_pes

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475305126 Crash type: Heap-buffer-overflow READ Crash state: checksyncpes Demux demuxprocessstream...

OSV-2026-44 UNKNOWN READ in MP4_TrackSeek

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475299914 Crash type: UNKNOWN READ Crash state: MP4TrackSeek DemuxMoov Demux...

CVE-2022-38858

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function movbuildindex of libmpdemux/demuxmov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1...

EUVD-2022-55764

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix use-after-free in vidtvbridgedvbinit KASAN reports a use-after-free: BUG: KASAN: use-after-free in dvbdmxdevrelease+0x4d5/0x5d0 dvbcore Call Trace: ... dvbdmxdevrelease+0x4d5/0x5d0 dvbcore...

OSV-2025-970 Heap-buffer-overflow in check_sync_pes

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=465802762 Crash type: Heap-buffer-overflow READ Crash state: checksyncpes Demux demuxprocessstream...

LIVE555 Streaming Media Post-Release Reuse Vulnerability (CNVD-2025-30510)

LIVE555 Streaming Media is a cross-platform C++ open source library , focusing on providing solutions for streaming media applications , supporting a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media suffers from a post-release reuse vulnerability that stems fr...