CVE-2025-47219 — Out-of-bounds Read in Gstreamer

CWE-125 — Out-of-bounds Read9 documents8 sources

Severity

8.1HIGHNVD

EPSS

0.1%

top 72.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gstreamer Debian Gst-plugins-good1.0

Timeline

PublishedAug 7

Latest updateJan 15

Description

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDgstreamer/gstreamer< 1.26.2

▶debiandebian/gst-plugins-good1.0< gst-plugins-good1.0 1.22.0-5+deb12u3 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-8h3r-68m6-vm7c: In GStreamer through 1↗2025-08-07

▶

CVEList

CVE-2025-47219: In GStreamer through 1↗2025-08-07

▶

OSV

CVE-2025-47219: In GStreamer through 1↗2025-08-07

▶

📋Vendor Advisories

Oracle

Oracle Oracle Java SE Risk Matrix: JavaFX (gstreamer) — CVE-2025-47219↗2026-01-15

▶

Ubuntu

GStreamer Good Plugins vulnerability↗2025-10-22

▶

Ubuntu

GStreamer Good Plugins vulnerabilities↗2025-08-26

▶

Red Hat

gstreamer1-plugins-good: GStreamer MP4 Parser Heap Overflow↗2025-08-07

▶

Debian

CVE-2025-47219: gst-plugins-good1.0 - In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may...↗2025

▶