CVE-2025-47806Stack-based Buffer Overflow in Gstreamer

CWE-121Stack-based Buffer OverflowCWE-125Out-of-bounds Read7 documents6 sources
Severity
5.6MEDIUMNVD
EPSS
0.1%
top 76.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GstreamerDebian Gst-plugins-base1.0
Timeline
PublishedAug 7
Latest updateOct 20

Description

In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages2 packages

NVDgstreamer/gstreamer< 1.26.2
debiandebian/gst-plugins-base1.0< gst-plugins-base1.0 1.22.0-3+deb12u5 (bookworm)

🔴Vulnerability Details

2
GHSA
GHSA-2g8j-23q2-f55c: In GStreamer through 12025-08-07
OSV
CVE-2025-47806: In GStreamer through 12025-08-07

📋Vendor Advisories

4
Ubuntu
GStreamer Base Plugins vulnerabilities2025-10-20
Ubuntu
GStreamer Base Plugins vulnerabilities2025-08-26
Red Hat
gstreamer1-plugins-base: GStreamer Subparse Stack Buffer Overflow2025-08-07
Debian
CVE-2025-47806: gst-plugins-base1.0 - In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function ma...2025