Lucene search
+L

4568 matches found

RedHat Linux
RedHat Linux
added 2026/07/08 12:2 p.m.7 views

gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer audio stream header parser

A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...

7.1CVSS6AI score0.00228EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/08 12:2 p.m.10 views

Moderate: Red Hat Security Advisory: gstreamer1-plugins-ugly-free security update

An update for gstreamer1-plugins-ugly-free is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.1CVSS6AI score0.00228EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.8 views

Amazon Linux 2 : gstreamer1-plugins-bad-free, --advisory ALAS2-2026-3790 (ALAS-2026-3790)

The version of gstreamer1-plugins-bad-free installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3790 advisory. A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The...

7.1CVSS7AI score0.0031EPSS
Exploits0References8
Amazon
Amazon
added 2026/07/08 12:0 a.m.7 views

Important: gstreamer-plugins-bad-free

Issue Overview: A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker...

8.8CVSS6.6AI score0.0053EPSS
Exploits0
Amazon
Amazon
added 2026/07/08 12:0 a.m.7 views

Important: gstreamer1-plugins-good

Issue Overview: Heap buffer overflow in the Matroska MKV demuxer when calculating decompressed buffer sizes for bz2-compressed tracks. The issue occurs due to missing parentheses in the buffer size calculation, causing incorrect memory allocation and potential out-of-bounds writes. from...

7.6CVSS6.5AI score0.0031EPSS
Exploits0
Amazon
Amazon
added 2026/07/08 12:0 a.m.5 views

Medium: gstreamer1-plugins-bad-free

Issue Overview: A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into...

7.1CVSS6.1AI score0.0031EPSS
Exploits0
Amazon
Amazon
added 2026/07/08 12:0 a.m.5 views

Important: gstreamer-plugins-good

Issue Overview: A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack...

7.6CVSS6.4AI score0.0031EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.8 views

Amazon Linux 2 : gstreamer-plugins-good, --advisory ALAS2-2026-3787 (ALAS-2026-3787)

The version of gstreamer-plugins-good installed on the remote host is prior to 0.10.31-20. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3787 advisory. A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted...

7.6CVSS7.3AI score0.0031EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/08 12:0 a.m.6 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the opensslverifycallback process during a DTLS handshake. An attacker can cause a process crash and disrupt service availability by sending a certificate with an oversized Subject Distinguished Name that...

8.7CVSS6.2AI score0.0031EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.10 views

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2026-3788 (ALAS-2026-3788)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3788 advisory. Heap buffer overflow in the Matroska MKV demuxer when calculating decompressed buffer sizes for...

7.6CVSS7.3AI score0.0031EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.6 views

RHEL 10 : gstreamer1-plugins-ugly-free (RHSA-2026:36673)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:36673 advisory. GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins whose license is...

7.1CVSS6.2AI score0.00228EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.6 views

Amazon Linux 2 : gstreamer-plugins-bad-free, --advisory ALAS2-2026-3791 (ALAS-2026-3791)

The version of gstreamer-plugins-bad-free installed on the remote host is prior to 0.10.23-42. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3791 advisory. A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle...

8.8CVSS7.1AI score0.0053EPSS
Exploits0References8
OSV
OSV
added 2026/07/08 12:0 a.m.4 views

ALSA-2026:36749 Important: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tilelistobu parser byte/bit...

8.8CVSS7.1AI score0.0053EPSS
Exploits0References10
OSV
OSV
added 2026/07/08 12:0 a.m.4 views

ALSA-2026:36674 Moderate: gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins whose license is not fully compatible with LGPL. Security Fixes: gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer audio stream header...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References6
OSV
OSV
added 2026/07/08 12:0 a.m.3 views

ALSA-2026:36774 Important: gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fixes: gstreamer1-plugins-good: GStreamer: Heap buffer overflo...

7.6CVSS7.1AI score0.0031EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 4:16 p.m.11 views

CVE-2026-14935

A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...

3.7CVSS0.0015EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 4:16 p.m.3 views

DEBIAN-CVE-2026-14935

A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...

3.7CVSS6.1AI score0.0015EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 3:37 p.m.16 views

CVE-2026-14935

GStreamer webrtcbin contains a logic flaw in _check_sdp_crypto(): an inverted presence check allows remote SDP offers/answers without the a=fingerprint attribute, while rejecting ones that include it. This could let an attacker intercepting WebRTC signaling bypass the SDP-level DTLS certificate f...

3.7CVSS6AI score0.0015EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 3:37 p.m.33 views

CVE-2026-14935 Gstreamer: gstreamer: webrtcbin accepts remote sdp without a=fingerprint due to inverted presence check

A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...

3.7CVSS0.0015EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/07 3:37 p.m.8 views

EUVD-2026-42051

A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...

3.7CVSS6AI score0.0015EPSS
Exploits0References4
Rows per page
Query Builder