17 matches found

Snyk
added 2026/05/14 7:16 p.m., 5 views

Division by zero

Overview: Affected versions of this package are vulnerable to Division by zero in the qtdemux_parse_trak function when parsing MP4 audio tracks. An attacker can cause a crash by supplying crafted atom data that triggers a division by zero. Remediation: A fix was pushed into the master branch but not...

CVSS 5.5, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 2
NVD
added 2026/05/14 6:16 p.m., 4 views

CVE-2026-46469

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

CVSS 5.5, EPSS 0.00014
Exploits: 0, References: 2
CVE
added 2026/05/14 5:38 p.m., 5 views

CVE-2026-46469

GStreamer gst-plugins-good prior to 1.28.2 contains a vulnerability in the isomp4 plugin (qtdemux_parse_trak) where insufficient validation of MP4 atom data allows integer division by zero, causing denial of service. The issue is fixed in 1.28.2 (see MR 11243; security advisory SA-2026-0018). No ...

CVSS 5.5, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/05/14 5:38 p.m., 25 views

CVE-2026-46469

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

CVSS 4, EPSS 0.00014
Exploits: 0, References: 2
Positive Technologies
added 2026/05/14 12:0 a.m., 5 views

PT-2026-41012

Name of the Vulnerable Software and Affected Versions: GStreamer gst-plugins-good versions prior to 1.28.2. Description: An issue exists when parsing MP4 audio tracks where the isomp4 plugin's qtdemux_parse_trak function fails to sufficiently validate atom data before performing division operations...

CVSS 9.1, AI score 5.8, EPSS 0.00039
Exploits: 0, References: 13
OSV
added 2026/05/08 5:46 a.m., 2 views

BIT-JRE-2024-47545 GHSL-2024-242: GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happen...

CVSS 7.5, AI score 6.8, EPSS 0.00328
Exploits: 0, References: 5
Positive Technologies
added 2026/05/08 12:0 a.m., 5 views

PT-2026-38833

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this...

CVSS 7.5, AI score 5.9, EPSS 0.00328
Exploits: 0, References: 6
OSV
added 2026/05/06 2:44 p.m., 1 view

BIT-JAVA-MIN-2024-47545 GHSL-2024-242: GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happen...

CVSS 7.5, AI score 6.8, EPSS 0.00328
Exploits: 0, References: 5
Positive Technologies
added 2026/05/06 12:0 a.m., 5 views

PT-2026-37839

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

CVSS 8.1, AI score 6.9, EPSS 0.00444
Exploits: 1, References: 4
Positive Technologies
added 2026/05/06 12:0 a.m., 3 views

PT-2026-37812

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this...

CVSS 7.5, AI score 6.9, EPSS 0.00328
Exploits: 0, References: 6
Redos
added 2025/11/10 12:0 a.m., 3 views

ROS-20251110-04

A vulnerability in the qtdemux_parse_trak function of the GStreamer multimedia framework is related to a boundary condition in the MOV/MP4 demultiplexer. Exploitation of the vulnerability could allow a remote attacker to gain access to potentially sensitive information. A vulnerability in th...

CVSS 8.1, AI score 6.2, EPSS 0.00444
Exploits: 2
Tenable Nessus
added 2025/09/15 12:0 a.m., 3 views

Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2025-1185)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1185 advisory. In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure. (CVE-2025-47183) I...

CVSS 8.1, AI score 7.9, EPSS 0.00444
Exploits: 2, References: 6
Amazon
added 2025/09/15 12:0 a.m., 4 views

Medium: gstreamer1-plugins-good

Issue Overview: In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure. (CVE-2025-47183) In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past t...

CVSS 8.1, AI score 7.1, EPSS 0.00444
Exploits: 2
Snyk
added 2025/08/07 7:43 p.m., 3 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the qtdemux_parse_trak function when parsing certain MP4 files. An attacker can access sensitive information by crafting a malicious MP4 file that triggers a read past the end of a heap buffer. Remediation: Upgrade...

CVSS 8.8, AI score 6.6, EPSS 0.00444
Exploits: 1, References: 2
CNNVD
added 2025/08/07 12:0 a.m., 2 views

GStreamer Security Vulnerability

GStreamer is an open source set of frameworks for processing streaming media. A security vulnerability exists in GStreamer 1.26.1 and earlier versions, which stems from an out-of-bounds read in the qtdemux_parse_trak function that could lead to information disclosure...

CVSS 8.1, AI score 6.1, EPSS 0.00444
Exploits: 1, References: 4
OSV
added 2024/12/12 2:3 a.m., 1 view

DEBIAN-CVE-2024-47545

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happen...

CVSS 7.5, AI score 6.7, EPSS 0.00328
Exploits: 0, References: 1
OSV
added 2024/12/12 12:0 a.m., 1 view

UBUNTU-CVE-2024-47545

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happen...

CVSS 7.5, AI score 7.1, EPSS 0.00328
Exploits: 0, References: 5