Lucene search
K

4493 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/23 7:53 p.m.4 views

CVE-2026-12891

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.47 views

CVE-2026-12891 Gstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266/vvc vui parameter parser

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS0.00276EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 7:53 p.m.35 views

CVE-2026-12891

The CVE-2026-12891 issue affects the GStreamer gst-plugins-bad package, specifically the H.266/VVC parser. A malformed H.266/VVC stream with a crafted aspect ratio indicator value can cause an out-of-bounds read of up to 8 bytes from adjacent memory. This could enable an attacker to craft a malic...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References3Affected Software2
EUVD
EUVD
added 2026/06/23 7:53 p.m.6 views

EUVD-2026-38606

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/23 7:53 p.m.7 views

CVE-2026-12891

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS5.7AI score0.00276EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/23 7:53 p.m.7 views

CVE-2026-12892

A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...

4.4CVSS5.8AI score0.00119EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/23 7:53 p.m.6 views

CVE-2026-12891

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References4
Debian
Debian
added 2026/06/23 3:56 p.m.6 views

[SECURITY] [DSA 6362-1] gst-plugins-bad1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6362-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2026 https://www.debian.org/security/faq -...

7.1CVSS6AI score0.0031EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51590

Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description A flaw in the gst-plugins-bad package occurs when processing a specially crafted H.264 video file containing malformed Multiview Video Coding MVC or Scalable Video Coding SV...

4.4CVSS5.8AI score0.00119EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51589

Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description A flaw in the H.266 parser occurs when processing a malformed H.266/VVC video stream containing a crafted aspect ratio indicator value. This leads to an out-of-bounds read o...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.6 views

Oracle Linux 9 : gstreamer1-plugins-bad-free, / gstreamer1-plugins-base, / gstreamer1-plugins-good, / and / gstreamer1-plugins-ugly-free (ELSA-2026-19180)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19180 advisory. gstreamer1-plugins-bad-free 1.22.12-7 - Rebuild to fix missing binaries due to buildsystem oversight 1.22.12-6 - Rebuild for z-stream Resolves:...

8.8CVSS7.2AI score0.00867EPSS
Exploits0References8
Redos
Redos
added 2026/06/23 12:0 a.m.8 views

ROS-20260623-73-0004

The vulnerability of the JPEG Parser component in the Gstreamer multimedia framework is related to the lack of proper checks on the data length. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.8CVSS6.2AI score0.00787EPSS
Exploits0
Redos
Redos
added 2026/06/23 12:0 a.m.6 views

ROS-20260623-73-0003

The vulnerability of the RIFF component in the Gstreamer multimedia framework is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.8CVSS6.2AI score0.00867EPSS
Exploits0
Redos
Redos
added 2026/06/23 12:0 a.m.8 views

ROS-20260623-73-0002

The vulnerability of the ASF plugin for the Gstreamer multimedia framework is related to insufficient data validation. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.8CVSS6.1AI score0.00773EPSS
Exploits0
OSV
OSV
added 2026/06/22 12:0 a.m.2 views

OPENSUSE-SU-2026:11088-1 gstreamer-plugins-bad-1.28.4+24-1.1 on GA media

These are all security issues fixed in the gstreamer-plugins-bad-1.28.4+24-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS5.9AI score0.0053EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.5 views

Debian dsa-6359 : gstreamer1.0-gtk3 - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6359 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6359-1 [email protected] https://www.debian.org/securit...

8.8CVSS7.7AI score0.00828EPSS
Exploits0References12
Debian
Debian
added 2026/06/19 6:15 p.m.20 views

[SECURITY] [DSA 6353-1] gst-libav1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6353-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 19, 2026 https://www.debian.org/security/faq -...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/18 6:4 p.m.4 views

MGASA-2026-0222 Updated gstreamer1.0-plugins-bad, gstreamer1.0-plugins-base, gstreamer1.0-plugins-good & gstreamer1.0-plugins-ugly packages fix security vulnerabilities

CVE-2026-2921, GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability CVE-2026-2923.GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2026-3082, GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2026-308...

8.8CVSS7.5AI score0.00867EPSS
Exploits0References4
Mageia
Mageia
added 2026/06/18 6:4 p.m.7 views

Updated gstreamer1.0-plugins-bad, gstreamer1.0-plugins-base, gstreamer1.0-plugins-good & gstreamer1.0-plugins-ugly packages fix security vulnerabilities

CVE-2026-2921, GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability CVE-2026-2923.GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2026-3082, GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2026-308...

8.8CVSS7.6AI score0.00867EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:53 a.m.8 views

SUSE CVE-2026-52718

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS5.9AI score0.0031EPSS
Exploits0References3
Rows per page
Query Builder