VYPR

Good Plug Ins

by Gstreamer

CVEs (13)

  • CVE-2026-53705HigJun 15, 2026
    risk 0.49cvss 7.6epss 0.00

    A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation.…

  • CVE-2017-5845HigFeb 9, 2017
    risk 0.49cvss 7.5epss 0.04

    The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.

  • CVE-2017-5841HigFeb 9, 2017
    risk 0.49cvss 7.5epss 0.04

    The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.

  • CVE-2017-5840HigFeb 9, 2017
    risk 0.49cvss 7.5epss 0.05

    The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.

  • CVE-2016-10199HigFeb 9, 2017
    risk 0.49cvss 7.5epss 0.04

    The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.

  • CVE-2016-10198MedFeb 9, 2017
    risk 0.36cvss 5.5epss 0.03

    The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.

  • CVE-2016-9810MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.02

    The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.

  • CVE-2026-46470MedMay 14, 2026
    risk 0.26cvss 4.0epss 0.00

    An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer…

  • CVE-2026-46469MedMay 14, 2026
    risk 0.26cvss 4.0epss 0.00

    An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer…

  • CVE-2009-0397Feb 3, 2009
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via…

  • CVE-2009-0387Feb 2, 2009
    risk 0.01cvss epss 0.06

    Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync…

  • CVE-2009-0386Feb 2, 2009
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a…

  • CVE-2009-1932Jun 4, 2009
    risk 0.00cvss epss 0.05

    Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service…