4568 matches found
gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer audio stream header parser
A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...
Moderate: Red Hat Security Advisory: gstreamer1-plugins-ugly-free security update
An update for gstreamer1-plugins-ugly-free is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Amazon Linux 2 : gstreamer1-plugins-bad-free, --advisory ALAS2-2026-3790 (ALAS-2026-3790)
The version of gstreamer1-plugins-bad-free installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3790 advisory. A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The...
Important: gstreamer-plugins-bad-free
Issue Overview: A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker...
Important: gstreamer1-plugins-good
Issue Overview: Heap buffer overflow in the Matroska MKV demuxer when calculating decompressed buffer sizes for bz2-compressed tracks. The issue occurs due to missing parentheses in the buffer size calculation, causing incorrect memory allocation and potential out-of-bounds writes. from...
Medium: gstreamer1-plugins-bad-free
Issue Overview: A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into...
Important: gstreamer-plugins-good
Issue Overview: A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack...
Amazon Linux 2 : gstreamer-plugins-good, --advisory ALAS2-2026-3787 (ALAS-2026-3787)
The version of gstreamer-plugins-good installed on the remote host is prior to 0.10.31-20. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3787 advisory. A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the opensslverifycallback process during a DTLS handshake. An attacker can cause a process crash and disrupt service availability by sending a certificate with an oversized Subject Distinguished Name that...
Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2026-3788 (ALAS-2026-3788)
The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3788 advisory. Heap buffer overflow in the Matroska MKV demuxer when calculating decompressed buffer sizes for...
RHEL 10 : gstreamer1-plugins-ugly-free (RHSA-2026:36673)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:36673 advisory. GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins whose license is...
Amazon Linux 2 : gstreamer-plugins-bad-free, --advisory ALAS2-2026-3791 (ALAS-2026-3791)
The version of gstreamer-plugins-bad-free installed on the remote host is prior to 0.10.23-42. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3791 advisory. A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle...
ALSA-2026:36749 Important: gstreamer1-plugins-bad-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tilelistobu parser byte/bit...
ALSA-2026:36674 Moderate: gstreamer1-plugins-ugly-free security update
GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins whose license is not fully compatible with LGPL. Security Fixes: gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer audio stream header...
ALSA-2026:36774 Important: gstreamer1-plugins-good security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fixes: gstreamer1-plugins-good: GStreamer: Heap buffer overflo...
CVE-2026-14935
A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...
DEBIAN-CVE-2026-14935
A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...
CVE-2026-14935
GStreamer webrtcbin contains a logic flaw in _check_sdp_crypto(): an inverted presence check allows remote SDP offers/answers without the a=fingerprint attribute, while rejecting ones that include it. This could let an attacker intercepting WebRTC signaling bypass the SDP-level DTLS certificate f...
CVE-2026-14935 Gstreamer: gstreamer: webrtcbin accepts remote sdp without a=fingerprint due to inverted presence check
A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...
EUVD-2026-42051
A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...