38 matches found
gstreamer1-plugins-bad-free security update
An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs ...
RLSA-2026:37130 Important: gstreamer1-plugins-bad-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle i...
GStreamer < 1.28.5 Multiple Vulnerabilities
The version of GStreamer installed on the remote host is prior to 1.28.5. It is, therefore, affected by multiple vulnerabilities: - A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer...
Important: Red Hat Security Advisory: gstreamer1-plugins-bad-free security update
An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Oracle Linux 9 : gstreamer1-plugins-bad-free (ELSA-2026-36834)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-36834 advisory. - Sync with c9s release -5..-7: fix for CVE-2026-2923, CVE-2026-3082 in dvbsuboverlay and jpegparser Resolves: RHEL-156242, RHEL-156255 - Fix bytes/bi...
AlmaLinux 10 : gstreamer1-plugins-bad-free (ALSA-2026:36749)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:36749 advisory. gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tilelistobu parser byte/bit confusion CVE-2026-52718 gstreamer1-plugins-bad-free:...
RHEL 10 : gstreamer1-plugins-bad-free (RHSA-2026:36749)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:36749 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...
ALSA-2026:37130 Important: gstreamer1-plugins-bad-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle i...
Amazon Linux 2 : gstreamer1-plugins-bad-free, --advisory ALAS2-2026-3790 (ALAS-2026-3790)
The version of gstreamer1-plugins-bad-free installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3790 advisory. A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The...
CVE-2026-52722
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...
CVE-2026-52722 Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...
CVE-2026-52722 Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...
CVE-2026-52722
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...
Linux Distros Unpatched Vulnerability : CVE-2026-52722
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer...
EUVD-2016-10255
Malware in sbrugna...
EUVD-2016-10256
Malware in sbrugna...
RHEL 7 : gstreamer-plugins-bad-free (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer: buffer overflow in gsth264sliceparsedecrefpicmarking CVE-2021-3185 - The vmnc decoder in the...
SUSE CVE-2016-9445
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service crash via large width and height values, which triggers a buffer overflow...
SUSE CVE-2016-9446
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas...
CVE-2016-9446
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas...