Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GStreamer Good Plugins vulnerabilities (USN-8317-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8317-1 advisory. It was discovered that GStreamer Good Plugins incorrectly handled certain MP4 audio tracks. An attacker could possibly use this issue...

USN-8317-1 gst-plugins-good1.0 vulnerabilities

It was discovered that GStreamer Good Plugins incorrectly handled certain MP4 audio tracks. An attacker could possibly use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service...

SUSE CVE-2026-46469

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

SUSE CVE-2026-46470

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxaudiocaps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

CVE-2026-46470

CVE-2026-46470 affects GStreamer gst-plugins-good before 1.28.2. The isomp4 plugin’s qtdemux_audio_caps does not sufficiently validate atom data when parsing MP4 audio tracks, enabling a denial of service via integer division by zero. Public docs from NVD/SUSE/Debian/ALPINE indicate the issue and...

CVE-2026-46469

GStreamer gst-plugins-good prior to 1.28.2 contains a vulnerability in the isomp4 plugin (qtdemux_parse_trak) where insufficient validation of MP4 atom data allows integer division by zero, causing denial of service. The issue is fixed in 1.28.2 (see MR 11243; security advisory SA-2026-0018). No ...

Linux Distros Unpatched Vulnerability : CVE-2026-46470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxaudiocaps function does not...

Linux Distros Unpatched Vulnerability : CVE-2026-46469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not...

PT-2026-41013

Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-good versions prior to 1.28.2 Description An issue exists when parsing MP4 audio tracks where the isomp4 plugin's qtdemux audio caps function fails to sufficiently validate atom data before performing division operations...

EUVD-2010-0068

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2022-3784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4Mp4AudioDsiParser::ReadBits of t...

UBUNTU-CVE-2022-3784

A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp of the component mp4hls. The manipulation leads to heap-based buffer overflow. The attack can be launched...

Bento4 Null Pointer Dereference Vulnerability (CNVD-2019-28478)

Bento4 is a C++ class library and tool for reading and writing ISO-MP4 files. A null pointer dereference vulnerability exists in AP4Track::GetSampleIndexForTimeStampMs in Core/Ap4Track.cpp in Bento4 1.5.1-628, which can be exploited by an attacker to cause a denial of service by sending a special...

CVE-2010-0036

Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted MP4 audio file...

Buffer overflow

Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted MP4 audio file...

CVE-2010-0036

CVE-2010-0036 affects Mac OS X CoreAudio in 10.5.8 and 10.6.2; a buffer overflow in parsing MP4 audio files may allow remote code execution or cause a denial of service (application crash). Evidence from multiple sources confirms the impact and Apple’s patch is Security Update 2010-001 (SecUpd201...

CVE-2010-0036

Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted MP4 audio file...

CVE-2010-0036

Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted MP4 audio file...