4493 matches found
CVE-2026-12891
A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...
CVE-2026-12891 Gstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266/vvc vui parameter parser
A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...
CVE-2026-12891
The CVE-2026-12891 issue affects the GStreamer gst-plugins-bad package, specifically the H.266/VVC parser. A malformed H.266/VVC stream with a crafted aspect ratio indicator value can cause an out-of-bounds read of up to 8 bytes from adjacent memory. This could enable an attacker to craft a malic...
EUVD-2026-38606
A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...
CVE-2026-12891
A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...
CVE-2026-12892
A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...
CVE-2026-12891
A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...
[SECURITY] [DSA 6362-1] gst-plugins-bad1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6362-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2026 https://www.debian.org/security/faq -...
PT-2026-51590
Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description A flaw in the gst-plugins-bad package occurs when processing a specially crafted H.264 video file containing malformed Multiview Video Coding MVC or Scalable Video Coding SV...
PT-2026-51589
Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description A flaw in the H.266 parser occurs when processing a malformed H.266/VVC video stream containing a crafted aspect ratio indicator value. This leads to an out-of-bounds read o...
Oracle Linux 9 : gstreamer1-plugins-bad-free, / gstreamer1-plugins-base, / gstreamer1-plugins-good, / and / gstreamer1-plugins-ugly-free (ELSA-2026-19180)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19180 advisory. gstreamer1-plugins-bad-free 1.22.12-7 - Rebuild to fix missing binaries due to buildsystem oversight 1.22.12-6 - Rebuild for z-stream Resolves:...
ROS-20260623-73-0004
The vulnerability of the JPEG Parser component in the Gstreamer multimedia framework is related to the lack of proper checks on the data length. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260623-73-0003
The vulnerability of the RIFF component in the Gstreamer multimedia framework is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260623-73-0002
The vulnerability of the ASF plugin for the Gstreamer multimedia framework is related to insufficient data validation. Exploiting this vulnerability allows an attacker to execute arbitrary code...
OPENSUSE-SU-2026:11088-1 gstreamer-plugins-bad-1.28.4+24-1.1 on GA media
These are all security issues fixed in the gstreamer-plugins-bad-1.28.4+24-1.1 package on the GA media of openSUSE Tumbleweed...
Debian dsa-6359 : gstreamer1.0-gtk3 - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6359 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6359-1 [email protected] https://www.debian.org/securit...
[SECURITY] [DSA 6353-1] gst-libav1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6353-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 19, 2026 https://www.debian.org/security/faq -...
MGASA-2026-0222 Updated gstreamer1.0-plugins-bad, gstreamer1.0-plugins-base, gstreamer1.0-plugins-good & gstreamer1.0-plugins-ugly packages fix security vulnerabilities
CVE-2026-2921, GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability CVE-2026-2923.GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2026-3082, GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2026-308...
Updated gstreamer1.0-plugins-bad, gstreamer1.0-plugins-base, gstreamer1.0-plugins-good & gstreamer1.0-plugins-ugly packages fix security vulnerabilities
CVE-2026-2921, GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability CVE-2026-2923.GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2026-3082, GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2026-308...
SUSE CVE-2026-52718
A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...