EUVD-2025-23943

Malicious code in bioql PyPI...

CVE-2025-47807

In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

CVE-2025-47806

In GStreamer through 1.26.1, the subparse plugin's parsesubriptime function may write data past the bounds of a stack buffer, leading to a crash...

CVE-2025-47807

In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

CVE-2025-47806

In GStreamer through 1.26.1, the subparse plugin's parsesubriptime function may write data past the bounds of a stack buffer, leading to a crash...

CVE-2025-47807

CVE-2025-47807 affects GStreamer up to 1.26.1: the subparse plugin’s subrip_unescape_formatting may dereference a NULL pointer while parsing subtitle files, causing a crash (DoS). Connected advisories confirm the issue across distributions: Debian DLA-4371-1 fixes gst-plugins-base1.0 on Debian 11...

CVE-2025-47807

In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

CVE-2025-47806

CVE-2025-47806 affects the GStreamer base plugins’ subparse plugin, specifically the parse_subrip_time function, which can write past the bounds of a stack buffer in releases up to 1.26.1. This may cause a crash/DoS. Public advisories confirm fixes in downstream packaging: Debian 11 bullseye (gst...

CVE-2025-47808

In GStreamer through 1.26.1, the subparse plugin's tmplayerparseline function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...