rpm package

almalinux/gstreamer1-plugins-good

pkg:rpm/almalinux/gstreamer1-plugins-good

Vulnerabilities (38)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-2921	—	< 1.26.7-2.el10_2	1.26.7-2.el10_2	Mar 13, 2026	GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may
CVE-2026-3083	—	< 1.26.7-2.el10_2	1.26.7-2.el10_2	Mar 13, 2026	GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors
CVE-2026-3085	—	< 1.26.7-2.el10_2	1.26.7-2.el10_2	Mar 13, 2026	GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack v
CVE-2026-3082	—	< 1.26.7-2.el10_2	1.26.7-2.el10_2	Mar 13, 2026	GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack ve
CVE-2026-2923	—	< 1.26.7-2.el10_2	1.26.7-2.el10_2	Mar 13, 2026	GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors
CVE-2026-2922	—	< 1.26.7-2.el10_2	1.26.7-2.el10_2	Mar 13, 2026	GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vec
CVE-2026-2920	—	< 1.26.7-2.el10_2	1.26.7-2.el10_2	Mar 13, 2026	GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack ve
CVE-2024-47834	—	< 1.22.12-4.el9	1.22.12-4.el9	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_pars
CVE-2024-47778	—	< 1.22.12-4.el9	1.22.12-4.el9	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds
CVE-2024-47777	—	< 1.22.12-4.el9	1.22.12-4.el9	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size o
CVE-2024-47776	—	< 1.22.12-4.el9	1.22.12-4.el9	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the funct
CVE-2024-47775	—	< 1.22.12-4.el9	1.22.12-4.el9	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read fro
CVE-2024-47774	—	< 1.22.12-4.el9	1.22.12-4.el9	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without chec
CVE-2024-47613	—	< 1.22.1-3.el9_5	1.22.1-3.el9_5	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix
CVE-2024-47606	—	< 1.22.1-3.el9_5	1.22.1-3.el9_5	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a
CVE-2024-47603	—	< 1.22.12-4.el9	1.22.12-4.el9	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is call
CVE-2024-47602	—	< 1.22.12-4.el9	1.22.12-4.el9	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->
CVE-2024-47601	—	< 1.22.12-4.el9	1.22.12-4.el9	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity
CVE-2024-47599	—	< 1.22.12-4.el9	1.22.12-4.el9	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output
CVE-2024-47598	—	< 1.22.12-4.el9	1.22.12-4.el9	Dec 11, 2024	GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_durat

CVE-2026-2921Mar 13, 2026
affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may
CVE-2026-3083Mar 13, 2026
affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors
CVE-2026-3085Mar 13, 2026
affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack v
CVE-2026-3082Mar 13, 2026
affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack ve
CVE-2026-2923Mar 13, 2026
affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors
CVE-2026-2922Mar 13, 2026
affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vec
CVE-2026-2920Mar 13, 2026
affected < 1.26.7-2.el10_2fixed 1.26.7-2.el10_2
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack ve
CVE-2024-47834Dec 11, 2024
affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_pars
CVE-2024-47778Dec 11, 2024
affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds
CVE-2024-47777Dec 11, 2024
affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size o
CVE-2024-47776Dec 11, 2024
affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the funct
CVE-2024-47775Dec 11, 2024
affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read fro
CVE-2024-47774Dec 11, 2024
affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without chec
CVE-2024-47613Dec 11, 2024
affected < 1.22.1-3.el9_5fixed 1.22.1-3.el9_5
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix
CVE-2024-47606Dec 11, 2024
affected < 1.22.1-3.el9_5fixed 1.22.1-3.el9_5
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a
CVE-2024-47603Dec 11, 2024
affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is call
CVE-2024-47602Dec 11, 2024
affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->
CVE-2024-47601Dec 11, 2024
affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity
CVE-2024-47599Dec 11, 2024
affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output
CVE-2024-47598Dec 11, 2024
affected < 1.22.12-4.el9fixed 1.22.12-4.el9
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_durat

Page 1 of 2