rpm package
opensuse/gstreamer-plugins-bad&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/gstreamer-plugins-bad&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-52720 | High | 8.8 | | < 1.28.4+24-1.1 | 1.28.4+24-1.1 | Jun 15, 2026 | A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attack |
| CVE-2026-52718 | Medium | 6.5 | | < 1.28.4+24-1.1 | 1.28.4+24-1.1 | Jun 15, 2026 | A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a us |
| CVE-2017-5848 | High | 7.5 | | < 1.18.5-2.1 | 1.18.5-2.1 | Feb 9, 2017 | The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. |
| CVE-2017-5847 | High | 7.5 | | < 1.18.5-2.1 | 1.18.5-2.1 | Feb 9, 2017 | The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. |
| CVE-2017-5838 | High | 7.5 | | < 1.18.5-2.1 | 1.18.5-2.1 | Feb 9, 2017 | The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. |