VYPR

Gstreamer

by Gstreamer

Source repositories

CVEs (105)

  • CVE-2026-52722HigJun 15, 2026
    risk 0.46cvss 7.1epss 0.00

    A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a…

  • CVE-2026-52718MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a…

  • CVE-2016-9813MedJan 13, 2017
    risk 0.39cvss 5.5epss 0.08

    The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

  • CVE-2021-3522MedJun 2, 2021
    risk 0.36cvss 5.5epss 0.05

    GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

  • CVE-2017-5846MedFeb 9, 2017
    risk 0.36cvss 5.5epss 0.02

    The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.

  • CVE-2017-5844MedFeb 9, 2017
    risk 0.36cvss 5.5epss 0.03

    The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.

  • CVE-2017-5842MedFeb 9, 2017
    risk 0.36cvss 5.5epss 0.02

    The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.

  • CVE-2017-5837MedFeb 9, 2017
    risk 0.36cvss 5.5epss 0.03

    The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.

  • CVE-2016-10198MedFeb 9, 2017
    risk 0.36cvss 5.5epss 0.03

    The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.

  • CVE-2016-9810MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.02

    The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.

  • CVE-2016-9807MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.03

    The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.

  • CVE-2026-52721MedJun 15, 2026
    risk 0.34cvss 5.3epss 0.00

    Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local…

  • CVE-2026-1940MedMar 23, 2026
    risk 0.33cvss 5.1epss 0.00

    An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd…

  • CVE-2016-9811MedJan 13, 2017
    risk 0.31cvss 4.7epss 0.02

    The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

  • CVE-2006-4192Aug 17, 2006
    risk 0.04cvss epss 0.08

    Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the…

  • CVE-2023-50186May 3, 2024
    risk 0.01cvss epss 0.02

    GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but…

  • CVE-2023-38103May 3, 2024
    risk 0.01cvss epss 0.01

    GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack…

  • CVE-2023-37329May 3, 2024
    risk 0.01cvss epss 0.01

    GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but…

  • CVE-2023-37328May 3, 2024
    risk 0.01cvss epss 0.02

    GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but…

  • CVE-2019-9928Apr 24, 2019
    risk 0.01cvss epss 0.06

    GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.

Page 2 of 6