Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of H266 sei messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27381.
AnalysisAI
GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability.
Technical ContextAI
A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state. This vulnerability is classified as Stack-based Buffer Overflow (CWE-121).
RemediationAI
A vendor patch is available — apply it immediately. Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write an
A heap-based buffer overflow vulnerability exists in GStreamer's RTSP connection parser that allows remote attackers to
An integer overflow vulnerability in the GStreamer multimedia framework's matroska demuxer allows heap memory corruption
A critical integer overflow vulnerability in GStreamer's qtdemux element allows attackers to trigger denial of service o
A critical integer overflow vulnerability in the GStreamer multimedia framework's Matroska (MKV) demuxer can cause denia
An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory
An integer overflow vulnerability in GStreamer's AVI demux element allows attackers to trigger a heap overwrite when par
A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska
An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation fault
Same weakness CWE-121 – Stack-based Buffer Overflow
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| trusty | needs-triage | - |
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| upstream | released | 1.26.3-1 |
| plucky | ignored | end of life, was needs-triage |
| oracular | ignored | end of life, was needs-triage |
| questing | needs-triage | - |
Debian
Bug #1108973| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | not-affected | - | - |
| bullseye (security) | fixed | 1.18.4-3+deb11u5 | - |
| bookworm, bookworm (security) | fixed | 1.22.0-4+deb12u6 | - |
| trixie | fixed | 1.26.2-3 | - |
| forky, sid | fixed | 1.28.1-2 | - |
| experimental | fixed | 1.26.3-1 | - |
| bookworm | not-affected | - | - |
| (unstable) | fixed | 1.26.2-3 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-20240