Debian Gst-Plugins-Base1.0 vulnerabilities

20 known vulnerabilities affecting debian/gst-plugins-base1.0.

Total CVEs: 20
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 8, MEDIUM 10, LOW 2

Vulnerabilities

CVE-2026-2921 | HIGH | CVSS 7.8 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u6 (bookworm) | 2026
CVE-2026-2921 [HIGH]: GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the han
debian
CVE-2025-47806 | MEDIUM | CVSS 5.6 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u5 (bookworm) | 2025
CVE-2025-47806 [MEDIUM]: In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash. Scope: local. bookworm: resolved (fixed in 1.22.0-3+deb12u5); bullseye: resolved (fixed in 1.18.4-2+deb11u4); forky: resolved (fixed in 1.26.2-1); sid: resolved (fixed in 1.26.2-1); trixie: resolved (fixed in 1.
debian
CVE-2025-47808 | MEDIUM | CVSS 5.6 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u5 (bookworm) | 2025
CVE-2025-47808 [MEDIUM]: In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash. Scope: local. bookworm: resolved (fixed in 1.22.0-3+deb12u5); bullseye: resolved (fixed in 1.18.4-2+deb11u4); forky: resolved (fixed in 1.26.2-1); sid: resolved (fixed in 1.26.2-1); trixie: resolve
debian
CVE-2025-47807 | MEDIUM | CVSS 5.5 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u5 (bookworm) | 2025
CVE-2025-47807 [MEDIUM]: In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash. Scope: local. bookworm: resolved (fixed in 1.22.0-3+deb12u5); bullseye: resolved (fixed in 1.18.4-2+deb11u4); forky: resolved (fixed in 1.26.2-1); sid: resolved (fixed in 1.26.2-1); trixie:
debian
CVE-2024-47607 | HIGH | CVSS 8.6 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u3 (bookworm) | 2024
CVE-2024-47607 [HIGH]: GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c`. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always
debian
CVE-2024-47615 | HIGH | CVSS 8.6 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u3 (bookworm) | 2024
CVE-2024-47615 [HIGH]: GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (whose size is 256). When t
debian
CVE-2024-47538 | HIGH | CVSS 8.6 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u3 (bookworm) | 2024
CVE-2024-47538 [HIGH]: GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array.
debian
CVE-2024-4453 | HIGH | CVSS 7.8 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u2 (bookworm) | 2024
CVE-2024-4453 [HIGH]: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists withi
debian
CVE-2024-47835 | MEDIUM | CVSS 6.8 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u3 (bookworm) | 2024
CVE-2024-47835 [MEDIUM]: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string
debian
CVE-2024-47541 | MEDIUM | CVSS 6.9 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u3 (bookworm) | 2024
CVE-2024-47541 [MEDIUM]: GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue
debian
CVE-2024-47600 | MEDIUM | CVSS 5.1 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u3 (bookworm) | 2024
CVE-2024-47600 [MEDIUM]: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a
debian
CVE-2024-47542 | MEDIUM | CVSS 6.8 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u4 (bookworm) | 2024
CVE-2024-47542 [MEDIUM]: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This
debian
CVE-2023-37328 | HIGH | CVSS 8.8 | fixed in gst-plugins-base1.0 1.22.0-3+deb12u1 (bookworm) | 2023
CVE-2023-37328 [HIGH]: GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exist
debian
CVE-2021-3522 | MEDIUM | CVSS 5.5 | fixed in gst-plugins-base1.0 1.18.4-2 (bookworm) | 2021
CVE-2021-3522 [MEDIUM]: GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. Scope: local. bookworm: resolved (fixed in 1.18.4-2); bullseye: resolved (fixed in 1.18.4-2); forky: resolved (fixed in 1.18.4-2); sid: resolved (fixed in 1.18.4-2); trixie: resolved (fixed in 1.18.4-2)
debian
CVE-2019-9928 | HIGH | CVSS 8.8 | fixed in gst-plugins-base1.0 1.14.4-2 (bookworm) | 2019
CVE-2019-9928 [HIGH]: GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. Scope: local. bookworm: resolved (fixed in 1.14.4-2); bullseye: resolved (fixed in 1.14.4-2); forky: resolved (fixed in 1.14.4-2); sid: resolved (fixed in 1.14.4-2); trixie: resolved (fixed in 1
debian
CVE-2017-5839 | HIGH | CVSS 7.5 | fixed in gst-plugins-base1.0 1.10.3-1 (bookworm) | 2017
CVE-2017-5839 [HIGH]: The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. Scope: local. bookworm: resolved (fixed in 1.10.3-1); bullseye: resolved (f
debian
CVE-2017-5842 | MEDIUM | CVSS 5.5 | fixed in gst-plugins-base1.0 1.10.3-1 (bookworm) | 2017
CVE-2017-5842 [MEDIUM]: The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. Scope: local. bookworm: resolved (fixed in 1.10.3-1); bullseye: resolved (fixed in 1.10.3-1); forky: res
debian
CVE-2017-5837 | LOW | CVSS 5.5 | fixed in gst-plugins-base1.0 1.10.3-1 (bookworm) | 2017
CVE-2017-5837 [MEDIUM]: The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. Scope: local. bookworm: resolved (fixed in 1.10.3-1); bullseye: resolved (fixed in 1.10.3-1); forky: resolved (fixed in 1.
debian
CVE-2017-5844 | LOW | CVSS 5.5 | fixed in gst-plugins-base1.0 1.10.3-1 (bookworm) | 2017
CVE-2017-5844 [MEDIUM]: The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. Scope: local. bookworm: resolved (fixed in 1.10.3-1); bullseye: resolved (fixed in 1.10.3-1); forky: resolved (fixed in 1.10
debian
CVE-2016-9811 | MEDIUM | CVSS 4.7 | fixed in gst-plugins-base1.0 1.10.2-1 (bookworm) | 2016
CVE-2016-9811 [MEDIUM]: The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. Scope: local. bookworm: resolved (fixed in 1.10.2-1); bullseye: resolved (fixed in 1.10.2-1); forky: resolved (fixed in 1.10.2-1); sid: resol
debian