rpm package
almalinux/gstreamer1-plugins-base
pkg:rpm/almalinux/gstreamer1-plugins-base
Vulnerabilities (16)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2921 | — | < 1.26.7-2.el10_2 | 1.26.7-2.el10_2 | Mar 13, 2026 | GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may | ||
| CVE-2026-3083 | — | < 1.26.7-2.el10_2 | 1.26.7-2.el10_2 | Mar 13, 2026 | GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors | ||
| CVE-2026-3085 | — | < 1.26.7-2.el10_2 | 1.26.7-2.el10_2 | Mar 13, 2026 | GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack v | ||
| CVE-2026-3082 | — | < 1.26.7-2.el10_2 | 1.26.7-2.el10_2 | Mar 13, 2026 | GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack ve | ||
| CVE-2026-2923 | — | < 1.26.7-2.el10_2 | 1.26.7-2.el10_2 | Mar 13, 2026 | GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors | ||
| CVE-2026-2922 | — | < 1.26.7-2.el10_2 | 1.26.7-2.el10_2 | Mar 13, 2026 | GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vec | ||
| CVE-2026-2920 | — | < 1.26.7-2.el10_2 | 1.26.7-2.el10_2 | Mar 13, 2026 | GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack ve | ||
| CVE-2024-47835 | — | < 1.22.12-4.el9 | 1.22.12-4.el9 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer | ||
| CVE-2024-47615 | — | < 1.22.1-3.el9_5 | 1.22.1-3.el9_5 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed th | ||
| CVE-2024-47607 | — | < 1.22.1-3.el9_5 | 1.22.1-3.el9_5 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will | ||
| CVE-2024-47600 | — | < 1.22.12-4.el9 | 1.22.12-4.el9 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. | ||
| CVE-2024-47542 | — | < 1.22.12-4.el9 | 1.22.12-4.el9 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is | ||
| CVE-2024-47541 | — | < 1.22.12-4.el9 | 1.22.12-4.el9 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) | ||
| CVE-2024-47538 | — | < 1.22.1-3.el9_5 | 1.22.1-3.el9_5 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exce | ||
| CVE-2024-4453 | — | < 1.16.1-4.el8_10 | 1.16.1-4.el8_10 | May 22, 2024 | GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack ve | ||
| CVE-2023-37328 | — | < 1.22.1-2.el9 | 1.22.1-2.el9 | May 3, 2024 | GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but atta |
- CVE-2026-2921Mar 13, 2026affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may
- CVE-2026-3083Mar 13, 2026affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors
- CVE-2026-3085Mar 13, 2026affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack v
- CVE-2026-3082Mar 13, 2026affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack ve
- CVE-2026-2923Mar 13, 2026affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors
- CVE-2026-2922Mar 13, 2026affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vec
- CVE-2026-2920Mar 13, 2026affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack ve
- CVE-2024-47835Dec 11, 2024affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer
- CVE-2024-47615Dec 11, 2024affected < 1.22.1-3.el9_5fixed 1.22.1-3.el9_5
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed th
- CVE-2024-47607Dec 11, 2024affected < 1.22.1-3.el9_5fixed 1.22.1-3.el9_5
GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will
- CVE-2024-47600Dec 11, 2024affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements.
- CVE-2024-47542Dec 11, 2024affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is
- CVE-2024-47541Dec 11, 2024affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha)
- CVE-2024-47538Dec 11, 2024affected < 1.22.1-3.el9_5fixed 1.22.1-3.el9_5
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exce
- CVE-2024-4453May 22, 2024affected < 1.16.1-4.el8_10fixed 1.16.1-4.el8_10
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack ve
- CVE-2023-37328May 3, 2024affected < 1.22.1-2.el9fixed 1.22.1-2.el9
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but atta