CVE-2025-47806

MEDIUM 5.6 (CVSS 3.1)
2025-08-07 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Patch Released: Apr 06, 2026 - 08:30 (nvd). Patch available
Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
PoC Detected: Mar 17, 2026 - 15:52 (vuln.today). Public exploit code
CVE Published: Aug 07, 2025 - 20:15 (nvd)

Description

In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.

Analysis

GStreamer's subparse plugin contains a stack-based buffer overflow in the parse_subrip_time function that allows attackers to write data past buffer boundaries, resulting in application crashes and potential information disclosure. Affected versions through 1.26.1 are vulnerable when processing specially crafted subtitle files. A proof-of-concept exploit is publicly available, and while the EPSS score of 0.07% suggests low exploitation probability overall, the availability of working exploit code elevates practical risk for systems processing untrusted subtitle content.

Technical Context

GStreamer is a multimedia framework used to construct graphs of media-handling components for applications including video playback, streaming, and format conversion. The vulnerability resides in the subparse plugin, specifically in the parse_subrip_time function, which parses SubRip format subtitle timestamps. This function writes parsed time values into a stack buffer without properly validating the input length first (CWE-121: Stack-based Buffer Overflow), so malicious or malformed SubRip subtitle files can overflow the buffer. The CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:* indicates all versions through at least 1.26.1 are affected. SubRip is a widely used plain-text subtitle format commonly found in video containers and downloaded from subtitle repositories.

Affected Products

GStreamer through version 1.26.1 is affected across all platforms, as identified by the CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability exists in the subparse plugin component. Distributions and applications bundling GStreamer as a media backend—such as GNOME applications, Totem media player, and custom multimedia software—inherit this risk when users open untrusted subtitle files. The vendor advisory is available at https://gstreamer.freedesktop.org/security/. Additional technical details and proof-of-concept information can be found in the Atredis Partners advisory at https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md.

Remediation

Upgrade GStreamer to the latest patched version released after 1.26.1 (consult https://gstreamer.freedesktop.org/security/ for the specific version number and release date). For distributions, apply security updates provided by your OS vendor. Until patching is completed, implement the following mitigations:

(1) disable the subparse plugin if subtitle support is not required,
(2) restrict processing of subtitle files to trusted, internally-generated sources only,
(3) run GStreamer-based applications with reduced privileges and in sandboxed environments to limit impact of crashes, and
(4) implement file-type validation to reject malformed SubRip files before they reach the parser.

Users should avoid opening subtitle files from untrusted internet sources until patches are applied.
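
Mitigation (4) above as an added example (not code from this page or from the GStreamer project): a pre-filter that accepts a SubRip file only if every timing line is in canonical form and every line is bounded in length. The accepted grammar, the 1024-character limit and the names validate_srt, GOOD and BAD are assumptions of this example.

```python
import re

# Assumed policy for this example, not derived from the GStreamer fix.
MAX_LINE = 1024                                   # longest accepted line, in characters
TS = r"([0-9]{2}):([0-5][0-9]):([0-5][0-9]),([0-9]{3})"
TIMING = re.compile(TS + " --> " + TS)            # canonical SubRip timing line only
INDEX = re.compile(r"[0-9]{1,9}")                 # cue counter

def _ms(h, m, s, ms):
    """Convert one timestamp's captured fields to milliseconds."""
    return ((int(h) * 60 + int(m)) * 60 + int(s)) * 1000 + int(ms)

def validate_srt(data: bytes):
    """Return [(line_number, reason), ...]; an empty list means accept."""
    try:
        text = data.decode("utf-8-sig")           # tolerate a UTF-8 BOM
    except UnicodeDecodeError:
        return [(0, "not valid UTF-8")]
    if "\x00" in text:
        return [(0, "embedded NUL byte")]
    problems, state = [], "index"                 # index -> timing -> text -> index
    # Split on LF only, not on every Unicode line separator.
    for n, raw in enumerate(text.split("\n"), 1):
        line = raw[:-1] if raw.endswith("\r") else raw
        blank = line.strip(" \t") == ""
        if len(line) > MAX_LINE:
            problems.append((n, "line too long"))
        elif state == "index":
            if blank:
                continue                          # extra blank lines between cues
            if not INDEX.fullmatch(line):
                problems.append((n, "expected cue number"))
            state = "timing"
        elif state == "timing":
            m = TIMING.fullmatch(line)
            if m is None:
                problems.append((n, "non-canonical timing line"))
            elif _ms(*m.groups()[4:]) < _ms(*m.groups()[:4]):
                problems.append((n, "end before start"))
            state = "text"
        elif blank:
            state = "index"                       # blank line closes the cue
    if state == "timing":
        problems.append((0, "file ends after a cue number"))
    return problems

# Constructed samples: a well-formed file and one with an oversized timing field.
GOOD = b"1\r\n00:00:01,000 --> 00:00:02,500\r\nHello\r\n\r\n2\r\n00:00:03,000 --> 00:00:04,000\r\nBye\r\n"
BAD = b"1\n00:00:01," + b"9" * 4000 + b" --> 00:00:02,000\nx\n"
```

Files for which validate_srt returns a non-empty list are rejected or quarantined before being handed to any GStreamer pipeline.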

Priority Score

48
KEV: 0
EPSS: +0.1
CVSS: +28
POC: +20
