High severity8.1NVD Advisory· Published Aug 7, 2025· Updated May 12, 2026
CVE-2025-47219
CVE-2025-47219
Description
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
54- osv-coords51 versionspkg:apk/chainguard/openjdk-11-openj9pkg:apk/chainguard/openjdk-11-openj9-dbgpkg:apk/chainguard/openjdk-11-openj9-default-jdkpkg:apk/chainguard/openjdk-11-openj9-default-jvmpkg:apk/chainguard/openjdk-11-openj9-docpkg:apk/chainguard/openjdk-11-openj9-jmodspkg:apk/chainguard/openjdk-11-openj9-jrepkg:apk/chainguard/openjdk-17-openj9pkg:apk/chainguard/openjdk-17-openj9-dbgpkg:apk/chainguard/openjdk-17-openj9-default-jdkpkg:apk/chainguard/openjdk-17-openj9-default-jvmpkg:apk/chainguard/openjdk-17-openj9-docpkg:apk/chainguard/openjdk-17-openj9-jmodspkg:apk/chainguard/openjdk-17-openj9-jrepkg:apk/chainguard/openjdk-21-openj9pkg:apk/chainguard/openjdk-21-openj9-dbgpkg:apk/chainguard/openjdk-21-openj9-default-jdkpkg:apk/chainguard/openjdk-21-openj9-default-jvmpkg:apk/chainguard/openjdk-21-openj9-docpkg:apk/chainguard/openjdk-21-openj9-jmodspkg:apk/chainguard/openjdk-21-openj9-jrepkg:apk/chainguard/openjdk-25-openj9pkg:apk/chainguard/openjdk-25-openj9-dbgpkg:apk/chainguard/openjdk-25-openj9-default-jdkpkg:apk/chainguard/openjdk-25-openj9-default-jvmpkg:apk/chainguard/openjdk-25-openj9-jmodspkg:apk/chainguard/openjdk-25-openj9-jrepkg:apk/chainguard/openjdk-26-openj9pkg:apk/chainguard/openjdk-26-openj9-dbgpkg:apk/chainguard/openjdk-26-openj9-default-jdkpkg:apk/chainguard/openjdk-26-openj9-default-jvmpkg:apk/chainguard/openjdk-26-openj9-jmodspkg:apk/chainguard/openjdk-26-openj9-jrepkg:apk/chainguard/openjdk-8-openj9pkg:apk/chainguard/openjdk-8-openj9-dbgpkg:apk/chainguard/openjdk-8-openj9-default-jdkpkg:apk/chainguard/openjdk-8-openj9-default-jvmpkg:apk/chainguard/openjdk-8-openj9-docpkg:apk/chainguard/openjdk-8-openj9-jrepkg:bitnami/javapkg:bitnami/java-minpkg:bitnami/jrepkg:rpm/opensuse/gstreamer-plugins-good&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
< 0.59.0-r2+ 50 more
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 1.8.0
- (no CPE)range: < 1.8.0
- (no CPE)range: < 1.8.0
- (no CPE)range: < 1.24.0-150600.3.7.1
- (no CPE)range: < 1.22.0-150500.4.10.1
- (no CPE)range: < 1.22.0-150500.4.10.1
- (no CPE)range: < 1.24.0-150600.3.7.1
- (no CPE)range: < 1.24.0-150600.3.7.1
- (no CPE)range: < 1.22.0-150500.4.10.1
- (no CPE)range: < 1.22.0-150500.4.10.1
- (no CPE)range: < 1.24.0-150600.3.7.1
- (no CPE)range: < 1.24.0-150600.3.7.1
Patches
Vulnerability mechanics
References
3- github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.mdnvdExploitThird Party Advisory
- gstreamer.freedesktop.org/security/nvdVendor Advisory
- cert-portal.siemens.com/productcert/html/ssa-032379.htmlnvd
News mentions
1- Siemens SIMATICCISA ICS Advisories