GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

A flaw was found in GStreamer. This out-of-bounds write vulnerability in the DVB Digital Video Broadcasting Subtitles handling allows remote attackers to execute arbitrary code. The issue stems from improper validation of user-supplied coordinate data, which can lead to writing beyond the...

MiracleLinux 8 : gstreamer1-plugins-bad-free-1.16.1-6.el8_10, gstreamer1-plugins-base-1.16.1-6.el8_10, gstreamer1-plugins-good-1.16.1-6.el8_10 (AXSA:2026-460:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-460:01 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffe...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007325)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007325 advisory. In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: fix leak of memory fw Tenable has extracted the preceding description block...

MiracleLinux 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (AXSA:2026-421:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-421:01 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffe...

RLSA-2026:6259 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

An update is available for gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-base. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStream...

RLSA-2026:6750 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

RockyLinux 10 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RLSA-2026:6259)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6259 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffer...

RLSA-2026:6300 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

RHEL 8 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good (RHSA-2026:6750)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6750 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...

RockyLinux 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RLSA-2026:6300)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6300 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffer...

SUSE CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

CVE-2026-31405

A flaw was found in the Linux kernel's dvb-net component. A remote attacker could exploit this vulnerability by sending specially crafted network data. This could lead to an out-of-bounds read in the handleoneuleextension function, potentially allowing the attacker to execute arbitrary code. The...

EUVD-2026-19199

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

UBUNTU-CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

CVE-2026-31405

CVE-2026-31405 : Linux kernel media/dvb-net vulnerability — OOB read in ULE extension header tables due to 255-element lookup arrays; bounds check added for htype to ensure out-of-range SNDU is discarded. This resolves a kernel-wide issue and is reflected in OSV advisories (e.g., Root: Debian 11/...

CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

Linux Distros Unpatched Vulnerability : CVE-2026-31405

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declare...