Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (zdi).
CVSS VectorVendor: zdi
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of stream headers within ASF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28843.
AnalysisAI
Heap-based buffer overflow vulnerability in GStreamer's ASF Demuxer component that allows remote attackers to execute arbitrary code when processing malicious ASF media files. The vulnerability requires user interaction (opening/processing a malicious file) and affects all versions of GStreamer based on the CPE data. No evidence of active exploitation (not in KEV) or public proof-of-concept exists, though Zero Day Initiative tracked it as ZDI-CAN-28843.
Technical ContextAI
GStreamer is an open-source multimedia framework (CPE: cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*) widely used in Linux applications for media playback. The vulnerability occurs in the ASF (Advanced Systems Format) demuxer when parsing stream headers from ASF files - a format commonly used for Windows Media files. The root cause is CWE-122 (Heap-based Buffer Overflow), where the demuxer fails to validate the length of user-supplied data before copying it to a fixed-size heap buffer, allowing an attacker to overflow the buffer and potentially overwrite adjacent memory structures.
RemediationAI
Apply the patch available at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3. Update to the latest version of GStreamer that includes this fix. As a workaround, avoid processing ASF files from untrusted sources, implement sandboxing for media processing applications, and consider disabling ASF format support if not required. Monitor distribution-specific security updates as they will likely backport this fix.
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write an
A heap-based buffer overflow vulnerability exists in GStreamer's RTSP connection parser that allows remote attackers to
An integer overflow vulnerability in the GStreamer multimedia framework's matroska demuxer allows heap memory corruption
A critical integer overflow vulnerability in GStreamer's qtdemux element allows attackers to trigger denial of service o
A critical integer overflow vulnerability in the GStreamer multimedia framework's Matroska (MKV) demuxer can cause denia
An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory
An integer overflow vulnerability in GStreamer's AVI demux element allows attackers to trigger a heap overwrite when par
A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska
An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation fault
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.70 Container suse/sl-micro/6.0/base-os-container:2.1.3-7.38 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.62 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.72 Image SL-Micro | Affected |
| Container suse/sl-micro/6.0/toolbox:13.2-9.23 | Affected |
| Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd | Affected |
| SUSE Liberty Linux 10 | Fixed |
| SUSE Liberty Linux 8 | Fixed |
| SUSE Liberty Linux 9 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise Workstation Extension 15 SP6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12113