3 matches found
CVE-2026-1940
CVE-2026-1940 describes an out-of-bounds read in gst_wavparse_adtl_chunk() due to improper handling of lsize and GST_ROUND_UP_2(lsize) in the WAV parser. Connected advisories confirm affected package family: gstreamer1-plugins-good (AL2/ALAS2 and AL2023 lines). Patches and updated packages are pr...
CVE-2026-46470
CVE-2026-46470 affects GStreamer gst-plugins-good before 1.28.2. The isomp4 plugin’s qtdemux_audio_caps does not sufficiently validate atom data when parsing MP4 audio tracks, enabling a denial of service via integer division by zero. Public docs from NVD/SUSE/Debian/ALPINE indicate the issue and...
CVE-2026-46469
GStreamer gst-plugins-good prior to 1.28.2 contains a vulnerability in the isomp4 plugin (qtdemux_parse_trak) where insufficient validation of MP4 atom data allows integer division by zero, causing denial of service. The issue is fixed in 1.28.2 (see MR 11243; security advisory SA-2026-0018). No ...