CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/04/20 4:13 a.m.•3 views

GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay

8.8CVSS8.4AI score0.00253EPSS

RedHat Linux•added 2026/04/20 2:56 a.m.•3 views

GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay

A flaw was found in GStreamer. This out-of-bounds write vulnerability exists within the rtpqdm2depay element, specifically during the processing of X-QDM Real-time Transport Protocol RTP payload elements. A remote attacker can exploit this by providing malformed user-supplied data to the packetid...

8.8CVSS8AI score0.0046EPSS

Amazon•added 2026/04/01 12:0 a.m.•3 views

Important: gstreamer1-plugins-good

Issue Overview: Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3083 Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3085 Affected Packages: gstreamer1-plugins-good Issue Correction: Run dnf update...

8.8CVSS7.3AI score0.0046EPSS

Tenable Nessus•added 2026/04/01 12:0 a.m.•6 views

Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2026-1503)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1503 advisory. Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3083 Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3085...

8.8CVSS7.4AI score0.0046EPSS

Amazon•added 2026/04/01 12:0 a.m.•5 views

Important: gstreamer1-plugins-good

8.8CVSS7.3AI score0.0046EPSS

Snyk•added 2026/03/13 8:41 p.m.•1 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the RTP QDM2 depayloader when handling X-QDM RTP payload elements. An attacker can achieve arbitrary code execution by supplying specially crafted data to the packetid element, resulting in a write past the...

8.8CVSS7.9AI score0.0046EPSS

FreeBSD•added 2026/02/25 12:0 a.m.•6 views

gstreamer1 -- multiple vulnerabilities

The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.1 release: Twelve security vulnerabilities were addressed, including: Out-of-bounds reads and writes in the H.266 video parser, WAV parser, MP4 and ASF demuxers, and DVB subtitle decoder. Integer overflows in the RI...

8.8CVSS6.2AI score0.0046EPSS

Exploits0References12

ossfuzz•added 2020/02/12 6:33 p.m.•17 views

ffmpeg:ffmpeg_AV_CODEC_ID_QDM2_fuzzer: Index-out-of-bounds in qdm2_fft_init_coefficient

Project: https://git.ffmpeg.org/ffmpeg.git Detailed Report: https://oss-fuzz.com/testcase?key=5658290216501248 Project: ffmpeg Fuzzing Engine: libFuzzer Fuzz Target: ffmpegAVCODECIDQDM2fuzzer Job Type: libfuzzerubsanffmpeg Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash...

6.8AI score

Exploits0Affected Software1

NVD•added 2013/12/07 9:55 p.m.•13 views

CVE-2013-0846

Array index error in the qdm2decodesuperblock function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access...

9.3CVSS6.6AI score0.00938EPSS

OSV•added 2013/12/07 9:55 p.m.•3 views

CVE-2013-0846

6.5AI score

Prion•added 2013/12/07 9:55 p.m.•17 views

Out-of-bounds

9.3CVSS7.2AI score0.00938EPSS

Exploits0References3Affected Software1

UbuntuCve•added 2013/12/07 9:55 p.m.•21 views

CVE-2013-0846

9.3CVSS5.9AI score0.00938EPSS

Exploits0References2

Debian CVE•added 2013/12/07 9:0 p.m.•15 views

CVE-2013-0846

9.3CVSS6.5AI score0.00938EPSS

OpenVAS•added 2012/02/11 12:0 a.m.•31 views

Debian: Security Advisory (DSA-2378-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS9.6AI score0.0294EPSS

OpenVAS•added 2012/01/20 12:0 a.m.•42 views

Ubuntu Update for libav USN-1333-1

Ubuntu Update for Linux kernel vulnerabilities USN-1333-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN13331.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for libav USN-1333-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

9.3CVSS1.3AI score0.04725EPSS

Exploits0References2

Tenable Nessus•added 2012/01/18 12:0 a.m.•36 views

Ubuntu 11.04 / 11.10 : libav vulnerabilities (USN-1333-1)

Steve Manzuik discovered that Libav incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the...

9.3CVSS8.7AI score0.04725EPSS

Exploits0References7

Ubuntu•added 2012/01/17 3:56 p.m.•60 views

USN-1333-1: Libav vulnerabilities

9.3CVSS8.8AI score0.04725EPSS

Tenable Nessus•added 2012/01/16 12:0 a.m.•40 views

FreeBSD : ffmpeg -- multiple vulnerabilities (ea2ddc49-3e8e-11e1-8095-5404a67eef98)

Ubuntu Security Notice USN-1320-1 reports : Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary...

7.5CVSS8.7AI score0.04525EPSS

Exploits0References7

Tenable Nessus•added 2012/01/12 12:0 a.m.•47 views

Debian DSA-2378-1 : ffmpeg - several vulnerabilities

Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders for QDM2, VP5, VP6, VMD and SVQ1 files could lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

7.5CVSS8.4AI score0.0294EPSS