PT-2026-49334

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst av1 parser parse tile list obu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a...

UBUNTU-CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

gst-plugins-bad 缓冲区错误漏洞

gst-plugins-bad is a GStreamer open-source plugin. gst-plugins-bad has a buffer error vulnerability. This vulnerability stems from the H.265 codec parser library using incorrect loop boundaries when parsing SEI messages during the buffer period. As a result, the CPB values allocated for the stack...

Astra Linux – Vulnerability in gst-plugins-bad1.0

GStreamer MXF File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may va...

Debian dla-4530 : gir1.2-gst-plugins-bad-1.0 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4530 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4530-1 [email protected]...

Debian: Security Advisory (DSA-6190-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dsa-6190 : gir1.2-gst-plugins-bad-1.0 - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6190 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6190-1 [email protected]...

[SECURITY] [DSA 6190-1] gst-plugins-bad1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6190-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 01, 2026 https://www.debian.org/security/faq -...

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the H.266 video bitstream parser in gst-plugins-bad. An attacker can execute arbitrary code by tricking a user into opening a specially crafted H.266 media file. Remediation Upgrade gstreamer to...

[SECURITY] [DLA 4219-1] gst-plugins-bad1.0 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4219-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk June 17, 2025 https://wiki.debian.org/LTS -...

Debian dsa-5608 : gir1.2-gst-plugins-bad-1.0 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5608 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5608-1...

Debian DSA-5583-1 : gst-plugins-bad1.0 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5583 advisory. A buffer overflow was discovered in the AV1 video plugin for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary...

Integer Overflow

gst-plugins-bad:edge is vulnerable to Integer overflow. The vulnerability due to leading to heap overwrite in MXF file handling with AES3 audio. It allow an attacker to execute integer overflow...

Integer Overflow

gst-plugins-bad:edge is vulnerable to Integer overflow. The vulnerability due to GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. It leads to allow a remote attacker to execute Integer overflow...

Important Photon OS Security Update - PHSA-2023-5.0-0145

Updates of 'gst-plugins-bad' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2023-4.0-0513

Updates of 'gst-plugins-bad', 'postgresql14' packages of Photon OS have been released...

gst-plugins-bad security vulnerability

gst-plugins-bad is an open source GStreamer plugin for GStreamer. A security vulnerability exists in versions prior to gst-plugins-bad 1.22.6, which stems from the presence of an integer overflow vulnerability...

gst-plugins-bad security vulnerability

gst-plugins-bad is an open source GStreamer plugin for GStreamer. A security vulnerability exists in versions prior to gst-plugins-bad 1.22.6, which stems from the presence of an integer overflow vulnerability...

Debian DSA-5444-1 : gst-plugins-bad1.0 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5444 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The...

Critical Photon OS Security Update - PHSA-2023-4.0-0365

Updates of 'gst-plugins-bad', 'fribidi', 'c-ares' packages of Photon OS have been released...