SUSE CVE-2026-46470

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxaudiocaps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

PT-2026-41012

Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-good versions prior to 1.28.2 Description An issue exists when parsing MP4 audio tracks where the isomp4 plugin's qtdemux parse trak function fails to sufficiently validate atom data before performing division operations...

Unity Linux 20.1070e Security Update: gstreamer1-plugins-good (UTSA-2026-017386)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017386 advisory. DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemuxinflate function which causes a segfault, or could...

BIT-JRE-2024-47546 GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extractccfromdata function within qtdemux.c. In the FOURCCc708 case, the subtraction atomlength - 8 may result in an underflow if atomlength is less than 8. When that subtraction...

PT-2026-38836

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux parse samples within qtdemux.c. This issue arises when the function qtdemux parse samples reads data beyond the boundaries of the stream-stco buffer. The following co...

PT-2026-38833

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux parse trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this...

BIT-JAVA-MIN-2024-47546 GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extractccfromdata function within qtdemux.c. In the FOURCCc708 case, the subtraction atomlength - 8 may result in an underflow if atomlength is less than 8. When that subtraction...

PT-2026-38022

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux parse samples within qtdemux.c. This issue arises when the function qtdemux parse samples reads data beyond the boundaries of the stream-stco buffer. The following co...

PT-2026-38021

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux parse svq3 stsd data function within qtdemux.c. In the FOURCC SMI case, seqh size is read from the input file without proper validation. If seqh size is greater than the...

PT-2026-38020

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract cc from data function within qtdemux.c. In the FOURCC c708 case, the subtraction atom length - 8 may result in an underflow if atom length is less than 8. When that...

PT-2026-38018

GStreamer is a library for constructing graphs of media-handling components. The function qtdemux parse sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10...

PT-2026-37811

GStreamer is a library for constructing graphs of media-handling components. The function qtdemux parse sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10...

PT-2026-33187

Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description An integer overflow and out-of-bounds access issue exists in the MOV/MP4 demuxer, specifically within the 'qtdemux' component. This can lead to a stack-based buffer overflow, potentially...

GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of...

MiracleLinux 7 : gstreamer1-1.10.4-2.0.1.el7.AXS7 (AXSA:2025-11534:07)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11534:07 advisory. CVE-2024-47606: allocator: avoid integer overflow when allocating sysmem Fix documentation build with the newer gtk-doc CVEs: CVE-2024-47606 GStreamer is a...

OESA-2025-2438 gstreamer1 security update

GStreamer1 implements a framework that allows for processing and encoding of multimedia sources in a manner similar to a shell pipeline. Security Fixes: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function...

EUVD-2024-42817

Malicious code in bioql PyPI...

Medium: gstreamer1-plugins-good

Issue Overview: GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. CVE-2021-3498 GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the converttos3341a function in...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A out-of-bounds write vulnerability was identified in the converttos3341a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. An integer underflow was detected in the extractccfromdata function within qtdemux.c. In the FOURCCc708 case, the subtraction of atomlength – 8 may result in an underflow if atomlength is less than 8. When this subtracti...