DEBIAN-CVE-2025-47806
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash...
CVE-2025-47183
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure...
DEBIAN-CVE-2025-47808
In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...
AZL-66180 CVE-2025-47806 affecting package gstreamer1-plugins-base 1.20.0-3
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the qtdemux_parse_trak function when parsing certain MP4 files. An attacker can access sensitive information by crafting a malicious MP4 file that triggers a read past the end of a heap buffer. Remediation: Upgrade...
Stack-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the parse_subrip_time function in gst/subparse/gstsubparse.c. An attacker can cause a crash by providing specially crafted input that results in writing data past the bounds of a stack buffer. Remediati...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the qtdemux_parse_tree function when parsing certain MP4 files. An attacker can access sensitive information by crafting a malicious MP4 file that triggers a read past the end of a heap buffer. Remediation: Upgrade...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the tmplayer_parse_line function when parsing a subtitle file. An attacker can cause a crash by providing a specially crafted subtitle file that triggers a NULL pointer dereference. Remediation: Upgrade gstream...
GStreamer Security Vulnerability
GStreamer is an open source set of frameworks for processing streaming media from GStreamer. A security vulnerability exists in GStreamer 1.26.1 and earlier versions, which stems from an out-of-bounds read in the qtdemux_parse_trak function that could lead to information disclosure...
CVE-2025-47183
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure...
Linux Distros Unpatched Vulnerability : CVE-2025-38307
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parse_int_array() The first element of the returned...
GStreamer Security Vulnerability
GStreamer is an open source set of frameworks for processing streaming media from GStreamer. A security vulnerability exists in GStreamer 1.26.1 and earlier versions, which stems from an out-of-bounds read in the qtdemux_parse_tree function that could lead to information disclosure...
Linux Distros Unpatched Vulnerability : CVE-2025-21946
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix out-of-bounds in parse_sec_desc() If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd struct size. If it is smaller, It could cause...
CVE-2025-47806
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash...
kernel: cifs: potential buffer overflow in handling symlinks
A buffer overflow vulnerability has been identified in the Linux kernel's Common Internet File System (CIFS) module, specifically within the parse_mf_symlink function. This flaw is caused by insufficient input validation on the link_len value, which dictates the length of a symbolic link. An attacker...
kernel: cifs: potential buffer overflow in handling symlinks
A buffer overflow vulnerability has been identified in the Linux kernel's Common Internet File System (CIFS) module, specifically within the parse_mf_symlink function. This flaw is caused by insufficient input validation on the link_len value, which dictates the length of a symbolic link. An attacker...
Malicious code in vite-simpleparse (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d3836a7e7ded3a3b153bf7f32248516a0568c53e4abd6ecb2003a30197daaa0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
libtpms: Libtpms Out-of-Bounds Read Vulnerability
A flaw was found in libtpms. A heap buffer overflow can occur in the tpmsparsepssh function when parsing a malformed Public Signature Key Exchange PSK structure. A local attacker can trigger this overflow by providing a crafted PSK structure to the library. This can lead to a denial of service or...
ruby:3.3 security update
An update is available for module.ruby, module.rubygem-abrt, module.rubygem-pg, rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
The vulnerability of the parse_int_array() function in the ASoC component of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the parse_int_array() function in the ASoC component of the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...