BIT-JRE-2024-47775 GHSL-2024-261: GStreamer has an OOB-read in parse_ds64

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parseds64 function within gstwavparse.c. The parseds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multipl...

BIT-JRE-2024-47546 GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extractccfromdata function within qtdemux.c. In the FOURCCc708 case, the subtraction atomlength - 8 may result in an underflow if atomlength is less than 8. When that subtraction...

PT-2026-38840

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst wavparse smpl chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer...

PT-2026-38835

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux parse svq3 stsd data function within qtdemux.c. In the FOURCC SMI case, seqh size is read from the input file without proper validation. If seqh size is greater than the...

PT-2026-38839

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst wavparse cue chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatc...

PT-2026-38841

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst wavparse adtl chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffe...

PT-2026-38832

GStreamer is a library for constructing graphs of media-handling components. The function qtdemux parse sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10...

PT-2026-38833

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux parse trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this...

PT-2026-38838

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse ds64 function within gstwavparse.c. The parse ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing...

BIT-JAVA-MIN-2024-47778 GHSL-2024-258: GStreamer has an OOB-read in gst_wavparse_adtl_chunk

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gstwavparseadtlchunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. ...

BIT-JAVA-MIN-2024-47777 GHSL-2024-259: GStreamer has an OOB-read in gst_wavparse_smpl_chunk

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...

BIT-JAVA-2024-47778 GHSL-2024-258: GStreamer has an OOB-read in gst_wavparse_adtl_chunk

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gstwavparseadtlchunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. ...

BIT-JAVA-2024-47777 GHSL-2024-259: GStreamer has an OOB-read in gst_wavparse_smpl_chunk

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...

BIT-JAVA-2024-47775 GHSL-2024-261: GStreamer has an OOB-read in parse_ds64

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parseds64 function within gstwavparse.c. The parseds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multipl...

BIT-JAVA-2024-47597 GHSL-2024-245: GStreamer has an OOB-read in qtdemux_parse_samples

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemuxparsesamples within qtdemux.c. This issue arises when the function qtdemuxparsesamples reads data beyond the boundaries of the stream-stco buffer. The following code...

BIT-JAVA-MIN-2024-47545 GHSL-2024-242: GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemuxparsetrak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happen...

BIT-JAVA-2024-47546 GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extractccfromdata function within qtdemux.c. In the FOURCCc708 case, the subtraction atomlength - 8 may result in an underflow if atomlength is less than 8. When that subtraction...

BIT-JAVA-MIN-2024-47544 GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling

GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10...

BIT-JAVA-2024-47544 GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling

GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10...

PT-2026-38023

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux parse theora extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...