CVE-2025-47183 — Out-of-bounds Read in Gstreamer

CWE-125 — Out-of-bounds Read7 documents7 sources

Severity

6.6MEDIUMNVD

EPSS

0.0%

top 95.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gstreamer Debian Gst-plugins-good1.0

Timeline

PublishedAug 7

Latest updateAug 26

Description

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:HExploitability: 1.3 | Impact: 5.2

Affected Packages2 packages

▶NVDgstreamer/gstreamer< 1.26.2

▶debiandebian/gst-plugins-good1.0< gst-plugins-good1.0 1.18.4-2+deb11u4 (bullseye)

🔴Vulnerability Details

OSV

CVE-2025-47183: In GStreamer through 1↗2025-08-07

▶

GHSA

GHSA-p7rv-557w-hw2m: In GStreamer through 1↗2025-08-07

▶

CVEList

CVE-2025-47183: In GStreamer through 1↗2025-08-07

▶

📋Vendor Advisories

Ubuntu

GStreamer Good Plugins vulnerabilities↗2025-08-26

▶

Red Hat

gstreamer1-plugins-good: GStreamer MP4 Parser Heap Overflow↗2025-08-07

▶

Debian

CVE-2025-47183: gst-plugins-good1.0 - In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may...↗2025

▶