Gstreamer

CVE-2026-3084 is an integer underflow vulnerability in GStreamer's H.266 codec parser that allows remote code execution when processing malicious media files. The vulnerability affects all versions of GStreamer (CPE indicates wildcard versioning) and can be exploited through user interaction with specially crafted H.266 video content, allowing attackers to execute arbitrary code in the context of the application. No active exploitation (not in KEV) or public POC has been reported, and the relatively high CVSS score (7.8) is tempered by the local attack vector and user interaction requirement.

Critical out-of-bounds write vulnerability in GStreamer's rtpqdm2depay component that allows remote code execution when processing malformed X-QDM RTP payloads. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction, though attack vectors vary by implementation. With a CVSS score of 8.8 and active patch available, this represents a significant risk for applications using GStreamer for media processing.

CVE-2026-3086 is an out-of-bounds write vulnerability in GStreamer's H.266 codec parser that allows remote code execution when processing malformed APS (Adaptation Parameter Set) units. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction to exploit, such as processing a malicious H.266 video file. No evidence of active exploitation (not in KEV), no public POC, and no EPSS score available yet.

Heap-based buffer overflow vulnerability in GStreamer's rtpqdm2depay component that allows remote attackers to execute arbitrary code when processing malformed X-QDM RTP payloads. The vulnerability affects all versions of GStreamer (CPE indicates no version restrictions) and requires user interaction to exploit, though attack vectors may vary based on implementation. No active exploitation is known (not in KEV), and no EPSS score is available to assess real-world exploitation probability.

Heap-based buffer overflow vulnerability in the GStreamer multimedia framework's JPEG parser that allows remote code execution when processing malicious Huffman tables. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction to exploit, with a CVSS score of 7.8. No active exploitation in the wild has been reported (not in KEV), and no EPSS data is available.

Stack-based buffer overflow in GStreamer's H.266 codec parser that allows remote code execution when processing malicious video files. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction to trigger, such as opening a malicious media file. No active exploitation (not in KEV) or public PoC has been reported, with EPSS data unavailable.

CVE-2026-2923 is an out-of-bounds write vulnerability in GStreamer's DVB Subtitles handling that allows remote code execution when processing malformed subtitle coordinates. This vulnerability affects all versions of GStreamer (CPE indicates no version restrictions) and requires user interaction to exploit, though attack vectors may vary by implementation. No evidence of active exploitation (not in KEV), no public POC available, and no EPSS data provided.

Critical remote code execution vulnerability in GStreamer's RealMedia demuxer component, allowing attackers to execute arbitrary code via malformed video packets that trigger an out-of-bounds write. The vulnerability affects all versions of GStreamer (CPE indicates wildcard versioning) and requires user interaction to process malicious media files. While no active exploitation is reported (not in KEV), the availability of a vendor patch and ZDI advisory suggests this vulnerability has been responsibly disclosed and addressed.

Heap-based buffer overflow vulnerability in GStreamer's ASF Demuxer component that allows remote attackers to execute arbitrary code when processing malicious ASF media files. The vulnerability requires user interaction (opening/processing a malicious file) and affects all versions of GStreamer based on the CPE data. No evidence of active exploitation (not in KEV) or public proof-of-concept exists, though Zero Day Initiative tracked it as ZDI-CAN-28843.

A null pointer dereference vulnerability exists in GStreamer's subparse plugin, specifically in the tmplayer_parse_line function when processing malformed subtitle files. This affects GStreamer through version 1.26.1 and can be triggered by an unauthenticated attacker over the network with moderate complexity, resulting in application crash (denial of service) and potential information disclosure. A public proof-of-concept exploit is available, but the EPSS score of 0.09% (25th percentile) indicates relatively low real-world exploitation probability despite POC availability.

A NULL pointer dereference vulnerability exists in GStreamer's subparse plugin, specifically in the subrip_unescape_formatting function, which can crash applications when processing maliciously crafted or malformed subtitle files. GStreamer versions through 1.26.1 are affected, and the vulnerability is exploitable through local attack vectors requiring user interaction to open a subtitle file. A public proof-of-concept is available, though the low EPSS score of 0.03% (7th percentile) suggests limited real-world exploitation likelihood despite the availability of exploit code.

GStreamer's subparse plugin contains a stack-based buffer overflow in the parse_subrip_time function that allows attackers to write data past buffer boundaries, resulting in application crashes and potential information disclosure. Affected versions through 1.26.1 are vulnerable when processing specially crafted subtitle files. A proof-of-concept exploit is publicly available, and while the EPSS score of 0.07% suggests low exploitation probability overall, the availability of working exploit code elevates practical risk for systems processing untrusted subtitle content.

A heap buffer over-read vulnerability exists in GStreamer's isomp4 plugin that allows reading past allocated memory boundaries when parsing specially crafted MP4 files. This affects GStreamer through version 1.26.1 and can lead to information disclosure of heap memory contents. A public proof-of-concept exploit is available, though the EPSS score of 0.09% suggests relatively low exploitation likelihood in the wild.

A heap buffer over-read vulnerability exists in GStreamer's isomp4 plugin (qtdemux_parse_tree function) when parsing MP4 files, affecting versions through 1.26.1. The vulnerability allows local attackers with user-level privileges who can trick a user into opening a malicious MP4 file to disclose sensitive heap memory contents and potentially cause application crashes. Publicly available proof-of-concept code exists, and while the EPSS score of 0.02% indicates low exploitation probability overall, the presence of public exploits and the information disclosure capability warrant prompt patching.

GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability.

A stack-based buffer overflow vulnerability exists in GStreamer's H265 codec parsing functionality that allows remote attackers to execute arbitrary code on affected systems. The vulnerability occurs when processing malformed H265 slice headers, enabling attackers to overflow a fixed-length stack buffer and potentially take control of the application processing the media content. With an EPSS score of 0.61% (69th percentile) and a CVSS score of 8.8, this represents a significant risk for applications using GStreamer for video processing, though it requires user interaction to exploit.

A local privilege escalation vulnerability in GStreamer's installer allows attackers with low-privileged access to escalate to higher privileges due to incorrect folder permissions. The vulnerability affects all versions of GStreamer and enables arbitrary code execution in the context of a target user. With a low EPSS score of 0.01% and no KEV listing, this vulnerability has limited evidence of active exploitation in the wild.

A null pointer dereference vulnerability in GStreamer's subtitle parsing functionality allows remote attackers to crash applications processing malformed LRC (lyric) files. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered when parsing subtitle files missing expected ']' characters, resulting in denial of service. With a relatively low EPSS score of 0.08% and no known active exploitation, this represents a moderate risk primarily to media applications using GStreamer for subtitle processing.

A use-after-free vulnerability in GStreamer's Matroska demuxer allows remote attackers to cause denial of service or potentially disclose sensitive information by sending specially crafted Matroska media files. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered without authentication when processing CodecPrivate elements in Matroska streams. No active exploitation has been reported (not in KEV), and no public proof-of-concept exists, though the network-accessible nature and low complexity make it a credible threat.

An out-of-bounds read vulnerability exists in GStreamer's WAV parser that allows remote attackers to read up to 4GB of process memory or cause a denial of service through crashes. The vulnerability affects GStreamer versions prior to 1.24.10 and requires no authentication to exploit over the network. With an EPSS score of only 0.08%, real-world exploitation appears limited, and no known proof-of-concept or active exploitation has been reported.

An out-of-bounds read vulnerability exists in GStreamer's WAV file parser that allows remote attackers to read 4 bytes of memory beyond buffer boundaries when processing specially crafted WAV files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can lead to information disclosure or application crashes when parsing malicious media files. While no active exploitation has been reported and the vulnerability is not listed in CISA's KEV catalog, the network-based attack vector and lack of authentication requirements make this a significant security concern for applications using GStreamer for media processing.

An out-of-bounds read vulnerability exists in GStreamer's WAV file parser that allows remote attackers to crash applications or potentially leak sensitive memory contents when processing maliciously crafted WAV files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication through network-accessible media processing applications. While no active exploitation has been observed in the wild (not in KEV), the vulnerability has a high CVSS score of 9.1 and detailed technical analysis is publicly available.

An out-of-bounds read vulnerability exists in GStreamer's WAV file parser that allows remote attackers to crash applications or potentially leak sensitive memory contents when processing malformed WAV files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication through network-accessible applications using the library. While no public exploits or KEV listings exist, the high CVSS score of 9.1 reflects the potential for both denial of service and information disclosure impacts.

A critical out-of-bounds read vulnerability exists in GStreamer's AVI subtitle parsing functionality, allowing remote attackers to read sensitive memory contents and potentially crash applications. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered when processing maliciously crafted AVI files with subtitle chunks. With a CVSS score of 9.1 and requiring no authentication or user interaction for exploitation, this represents a severe risk for applications using GStreamer for media processing.

A critical out-of-bounds write vulnerability exists in GStreamer's Vorbis parser that allows remote code execution by processing malicious media files. The flaw affects all GStreamer versions prior to 1.24.10 and enables attackers to overwrite up to 380 bytes of memory beyond array boundaries, potentially leading to arbitrary code execution without authentication. The vulnerability has been assigned a maximum CVSS score of 9.8, indicating critical severity with network-based exploitation possible.

A null pointer dereference vulnerability exists in GStreamer's GdkPixbuf decoder that occurs when processing specially crafted media files, causing the application to crash with a segmentation fault. The vulnerability affects GStreamer versions prior to 1.24.10 and allows remote attackers to trigger a denial of service without authentication or user interaction. While rated CVSS 9.8, this appears to be primarily a DoS vulnerability despite the high confidentiality/integrity scores, with no evidence of active exploitation in the wild or inclusion in CISA's KEV catalog.

A stack-based buffer overflow vulnerability exists in GStreamer's Opus audio decoder that allows remote attackers to execute arbitrary code by overwriting the instruction pointer (EIP) on the stack. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered when processing specially crafted Opus audio streams with more than 64 channels. While not currently listed in CISA KEV and with no public exploit code identified, the vulnerability has a critical CVSS score of 9.8 due to its remote exploitability without authentication.

A critical integer underflow vulnerability in GStreamer's QuickTime demuxer (qtdemux) leads to memory corruption and arbitrary code execution when processing specially crafted media files. The vulnerability affects all GStreamer versions prior to 1.24.10, allowing remote attackers to execute arbitrary code without authentication by providing malicious media content. With a CVSS score of 9.8 and patches available, this represents a severe risk for applications using GStreamer for media processing.

A null pointer dereference vulnerability exists in GStreamer's Matroska demuxer that allows remote attackers to cause a denial of service crash. The flaw occurs when processing malformed Matroska media files with invalid capability values, leading to a null pointer dereference in the gst_matroska_demux_update_tracks function. With an EPSS score of 0.11% and no known active exploitation, this represents a moderate real-world risk primarily affecting media processing applications.

A null pointer dereference vulnerability in GStreamer's Matroska demuxer can cause application crashes when processing specially crafted media files. The vulnerability affects GStreamer versions prior to 1.24.10 and allows remote attackers to trigger denial of service without authentication. With an EPSS score of only 0.08% and no known active exploitation or public proof-of-concept, this represents a moderate-priority denial of service issue rather than a critical security emergency.

A null pointer dereference vulnerability exists in GStreamer's Matroska demuxer component, specifically in the gst_matroska_demux_parse_blockgroup_or_simpleblock function. GStreamer versions prior to 1.24.10 are affected, allowing remote attackers to cause denial of service by sending specially crafted Matroska (MKV) media files without authentication. With an EPSS score of 0.10% (28th percentile), exploitation probability is currently low, though proof-of-concept details are publicly available through GitHub Security Lab.

A buffer overflow vulnerability in GStreamer's media discovery component allows remote attackers to read sensitive stack memory and potentially crash applications. The flaw occurs when processing media files with more than 64 audio channels, causing the format_channel_mask function to read beyond array bounds. With a CVSS score of 9.1 and network-based attack vector requiring no authentication, this represents a critical risk for applications using GStreamer for media processing, though no active exploitation or public proof-of-concept has been reported.

A null pointer dereference vulnerability in GStreamer's JPEG decoder component allows remote attackers to cause a denial of service by triggering a segmentation fault when processing specially crafted media content. The vulnerability affects GStreamer versions prior to 1.24.10 and has a low exploitation probability (EPSS 0.07%) with no known active exploitation in the wild. While the CVSS score is high (7.5), the impact is limited to availability only, making this a medium-priority issue for most organizations.

An out-of-bounds read vulnerability exists in GStreamer's qtdemux component that allows reading 4 bytes beyond allocated memory boundaries when processing media files. The vulnerability affects GStreamer versions prior to 1.24.10 and can be exploited remotely without authentication to potentially expose sensitive information or cause application crashes. With a CVSS score of 9.1 and network-based attack vector, this represents a significant risk for applications using GStreamer for media processing, though no active exploitation or public proof-of-concept has been reported.

An out-of-bounds read vulnerability exists in GStreamer's MP4 demuxer that allows remote attackers to read up to 8 bytes beyond allocated memory boundaries when processing malformed MP4 files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication by serving a malicious MP4 file, potentially exposing sensitive memory contents or causing application crashes. A proof-of-concept file (GHSL-2024-245_crash1.mp4) has been publicly disclosed, and while not currently in CISA's KEV catalog, the vulnerability has a critical CVSS score of 9.1.

An out-of-bounds read vulnerability in GStreamer's QuickTime demuxer allows remote attackers to read up to 4GB of process memory or crash the application when processing malformed media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication by supplying specially crafted QuickTime files. While not currently in CISA's Known Exploited Vulnerabilities catalog, the low EPSS score of 0.08% suggests limited exploitation in the wild despite the availability of detailed technical advisories.

An integer underflow vulnerability in GStreamer's qtdemux component allows remote attackers to trigger out-of-bounds memory reads, potentially causing application crashes or denial of service. The flaw occurs when processing malformed media files with specific atom structures, affecting all GStreamer versions prior to 1.24.10. With an EPSS score of 0.11% and no known active exploitation, this represents a moderate risk primarily for applications processing untrusted media content.

An integer underflow vulnerability in GStreamer's QuickTime demuxer (qtdemux) allows remote attackers to trigger an out-of-bounds memory read, potentially causing application crashes or denial of service. The vulnerability affects GStreamer versions prior to 1.24.10 and occurs when parsing malformed QuickTime/MP4 files where a size calculation can result in negative values, leading to large memory copy operations. With an EPSS score of 0.13% and no known active exploitation or public POC, this represents a moderate risk primarily to applications processing untrusted media files.

A null pointer dereference vulnerability exists in the GStreamer multimedia framework's qtdemux_parse_sbgp function, allowing remote attackers to cause denial of service through crafted media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication when processing malicious QuickTime/MP4 files. With an EPSS score of 0.10% and no known KEV listing, this represents a moderate stability risk primarily relevant for applications processing untrusted media content.

An out-of-bounds read vulnerability exists in GStreamer's QuickTime demuxer (qtdemux.c) that allows attackers to read up to 4GB of process memory or trigger a denial of service via crafted media files. GStreamer versions prior to 1.24.10 are affected. With an EPSS score of only 0.08% (24th percentile), active exploitation appears unlikely despite the network-accessible attack vector and lack of required privileges.

A null pointer dereference vulnerability exists in the GStreamer multimedia framework's ID3v2 tag parsing functionality, specifically in the id3v2_read_synch_uint function. The vulnerability allows remote attackers to cause a Denial of Service (DoS) through a segmentation fault without requiring authentication or user interaction. A public proof-of-concept exploit is available from GitHub Security Lab (GHSL-2024-235), though EPSS scoring indicates only a 0.08% probability of active exploitation in the wild (23rd percentile).

An out-of-bounds write vulnerability exists in GStreamer's SSA subtitle parser (gstssaparse.c) that occurs when malformed SubStation Alpha style override codes contain a closing curly bracket before an opening bracket. This triggers progressively larger memory writes via memmove(), leading to memory corruption and denial of service. A public proof-of-concept exploit is available from GitHub Security Lab (GHSL-2024-228), though the EPSS score remains relatively low at 0.09% (25th percentile), indicating limited observed exploitation activity in the wild.

An uninitialized stack variable vulnerability in GStreamer's Matroska demuxer leads to function pointer hijacking when processing malformed media files with specific size conditions. The vulnerability affects GStreamer versions prior to 1.24.10 and allows remote attackers to achieve arbitrary code execution without authentication by crafting malicious Matroska/WebM files. With a critical CVSS score of 9.8 and being tagged as RCE, this represents a severe risk for applications using GStreamer for media processing.

An out-of-bounds write vulnerability in GStreamer's isomp4/qtdemux.c allows remote attackers to overwrite up to 3 bytes beyond allocated memory boundaries when processing media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be exploited without authentication over the network, potentially leading to remote code execution. While no active exploitation has been reported (not in KEV), the vulnerability has a critical CVSS score of 9.8 and patches are available.

A stack buffer overflow vulnerability exists in GStreamer's Vorbis audio decoder that allows remote attackers to execute arbitrary code without authentication. The flaw occurs when processing malicious Vorbis audio files with more than 64 channels, leading to stack memory corruption and potential control over the instruction pointer (EIP). While not currently in CISA's Known Exploited Vulnerabilities catalog, the vulnerability has a critical CVSS score of 9.8 and patches are available.

An integer overflow vulnerability in GStreamer's QuickTime demuxer leads to out-of-bounds memory writes when processing malicious media files with crafted sample count values. The vulnerability affects all GStreamer versions prior to 1.24.10 and allows remote attackers to achieve arbitrary code execution without authentication by serving specially crafted media files. With a critical CVSS score of 9.8 and network-based attack vector, this presents a severe risk for applications using GStreamer for media processing.

A stack-based buffer overflow vulnerability exists in GStreamer's AV1 video parsing functionality that allows remote attackers to execute arbitrary code when processing specially crafted AV1-encoded video files. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, such as opening a malicious video file. With a CVSS score of 8.8 and patches available since the disclosure, this represents a high-severity issue for applications using GStreamer for video processing.

An integer overflow vulnerability in GStreamer's EXIF metadata parsing functionality allows remote attackers to execute arbitrary code when processing malicious media files containing crafted EXIF data. The vulnerability affects GStreamer versions 1.24.0 and 1.24.1, requiring user interaction to trigger but potentially leading to full system compromise in the context of the running process. With an EPSS score of 3.61% (88th percentile) indicating moderate real-world exploitation likelihood and patches available, this represents a significant risk for applications using GStreamer for media processing.

A stack-based buffer overflow vulnerability exists in GStreamer's AV1 video parsing functionality that allows remote attackers to execute arbitrary code when processing specially crafted AV1 video files. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, though attack vectors may vary depending on implementation. With an EPSS score of 9.18% (93rd percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, though it is not currently listed in CISA's KEV catalog.

A use-after-free vulnerability in GStreamer's MXF (Material Exchange Format) video file parser allows remote attackers to execute arbitrary code when processing specially crafted MXF files. The vulnerability affects all GStreamer installations and requires user interaction such as opening a malicious video file, with an EPSS score of 4.17% indicating moderate real-world exploitation likelihood. While not currently in CISA's KEV catalog, the vulnerability has a patch available and was discovered through responsible disclosure by the Zero Day Initiative.

A heap-based buffer overflow vulnerability exists in GStreamer's AV1 codec parsing functionality that allows remote attackers to execute arbitrary code. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, such as opening a malicious AV1 video file. With a CVSS score of 8.8 and patches available since the disclosure, this represents a high-risk vulnerability for applications using GStreamer for media processing.

A stack-based buffer overflow vulnerability in GStreamer's H265 video parsing functionality allows remote attackers to execute arbitrary code when processing maliciously crafted H265 encoded video files. The vulnerability affects all GStreamer installations and requires user interaction (such as opening a malicious video file) but can lead to full system compromise in the context of the running application. With an EPSS score of 6.22% (91st percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, and patches are available from the vendor.

A critical integer overflow vulnerability in GStreamer's MXF (Material Exchange Format) video file parser allows remote attackers to execute arbitrary code on affected systems. The vulnerability affects all versions of GStreamer prior to the patched releases and requires user interaction (opening a malicious MXF file) to exploit, with an EPSS score of 4.28% indicating moderate real-world exploitation likelihood. While not currently listed in CISA's Known Exploited Vulnerabilities catalog, the vulnerability has a high CVSS score of 8.8 and patches are available from the vendor.

A critical integer overflow vulnerability in GStreamer's MXF (Material eXchange Format) video file parser allows remote attackers to execute arbitrary code when processing specially crafted media files. The vulnerability affects all versions of GStreamer prior to the patched releases and requires user interaction (such as opening a malicious video file) to exploit, with an EPSS score of 6.53% indicating moderate real-world exploitation likelihood. While not currently listed in CISA's KEV catalog, the vulnerability has a high CVSS score of 8.8 and patches are available from the vendor.

An integer overflow vulnerability in GStreamer's RealMedia file parsing functionality allows remote attackers to execute arbitrary code when processing malicious MDPR chunks. The vulnerability affects GStreamer version 1.22.3 and potentially earlier versions, requiring user interaction to trigger but potentially exploitable through various attack vectors depending on implementation. With an EPSS score of 4.97% (90th percentile), this vulnerability poses a significant exploitation risk and has patches available from the vendor.

A critical integer overflow vulnerability exists in GStreamer's RealMedia file parser that allows remote code execution when processing specially crafted MDPR chunks. The vulnerability affects GStreamer version 1.22.3 and potentially earlier versions, enabling attackers to execute arbitrary code in the context of the current process through maliciously crafted RealMedia files. With an EPSS score of 4.54% (89th percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, though it requires user interaction to trigger.

A heap-based buffer overflow vulnerability in GStreamer's SRT subtitle file parsing functionality allows remote attackers to execute arbitrary code when processing maliciously crafted SRT files. The vulnerability affects all versions of GStreamer and requires user interaction (such as opening a malicious subtitle file), making it particularly dangerous for media players and applications that use GStreamer for subtitle processing. With an EPSS score of 4.74% (89th percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild.

A heap-based buffer overflow vulnerability in GStreamer's PGS (Presentation Graphic Stream) subtitle file parser allows remote attackers to execute arbitrary code when processing malicious subtitle files. The vulnerability affects all GStreamer installations and requires user interaction to exploit, typically by opening a media file with crafted PGS subtitles. With an EPSS score of 7.71% (92nd percentile), this vulnerability represents a significant exploitation risk in the wild.

A critical integer overflow vulnerability in GStreamer's FLAC file parsing functionality allows remote attackers to execute arbitrary code when processing malicious FLAC audio files. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction (opening/processing a malicious file) to exploit. With an EPSS score of 5.34% (90th percentile), this vulnerability poses a significant real-world risk, though no active exploitation has been reported in KEV.

A critical integer overflow vulnerability in GStreamer's qtdemux element allows attackers to trigger denial of service or potentially execute arbitrary code through heap memory corruption. The vulnerability affects GStreamer versions prior to the patched releases and requires user interaction to process a malicious media file. A public proof-of-concept exploit is available, though the EPSS score indicates relatively low real-world exploitation probability at 0.06%.

A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska_decompress_data function when processing MKV files with HEADERSTRIP decompression. While the matroskaparse element lacks proper size checks making it vulnerable, the more commonly used matroskademux element has restrictions that prevent exploitation. A proof-of-concept exploit is publicly available, though the EPSS score indicates a relatively low (4%) probability of real-world exploitation.

A critical integer overflow vulnerability in the GStreamer multimedia framework's Matroska (MKV) demuxer can cause denial of service or potentially enable heap memory corruption when processing specially crafted MKV files with LZO compression. The vulnerability affects GStreamer versions prior to the patched releases and has been assigned a high CVSS score of 7.8, with proof-of-concept code publicly available. While the EPSS score indicates relatively low exploitation probability at 0.06%, the availability of public exploit code and the widespread use of GStreamer in multimedia applications makes this a significant concern for affected systems.

An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation faults or potentially allow heap memory corruption when processing malformed MKV files with bzip compression. The vulnerability affects GStreamer versions prior to patches released in 2022, with proof-of-concept exploits publicly available and an EPSS score of 0.04% indicating low but non-zero exploitation probability. While not currently in CISA's KEV catalog, the vulnerability requires only local access with user interaction to exploit, achieving high impact across confidentiality, integrity, and availability.

An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory corruption when processing specially crafted MKV files with zlib-compressed data. The vulnerability affects GStreamer versions prior to the patched releases and requires local access with user interaction to exploit. A public proof-of-concept exploit is available, though the EPSS score indicates relatively low real-world exploitation likelihood at 0.06%.

An integer overflow vulnerability in GStreamer's AVI demux element allows attackers to trigger a heap overwrite when parsing malicious AVI files, potentially leading to arbitrary code execution. The vulnerability affects GStreamer on Debian Linux systems and requires user interaction to exploit (opening a malicious file). A public proof-of-concept exploit is available, though real-world exploitation remains low with an EPSS score of 0.06%.

An integer overflow vulnerability in the GStreamer multimedia framework's matroska demuxer allows heap memory corruption when parsing specially crafted Matroska video files. The vulnerability affects GStreamer versions across multiple Linux distributions and can lead to arbitrary code execution through heap overwrite, requiring only local access and user interaction to open a malicious file. A public proof-of-concept exploit is available, though real-world exploitation remains relatively low with an EPSS score of 0.07%.

GStreamer versions prior to 1.18.4 contain an out-of-bounds read vulnerability when processing malformed ID3v2 tags, potentially leading to denial of service through information disclosure or application crash. The vulnerability affects GStreamer itself and multiple NetApp products (Active IQ Unified Manager, E-Series Santricity, OnCommand suite, and HCI Management Node) that embed or depend on GStreamer libraries. An attacker can trigger this vulnerability by crafting a malicious audio file with specially formatted ID3v2 metadata and providing it to an application that uses the affected GStreamer library, though the EPSS score of 0.13% (32nd percentile) suggests limited real-world exploitation likelihood despite the moderate CVSS 5.5 rating.

A heap corruption vulnerability exists in GStreamer media framework versions before 1.18.4 when parsing malformed Matroska (MKV) video files. An attacker can craft a malicious Matroska file that, when processed by a vulnerable GStreamer installation, triggers heap memory corruption leading to potential code execution with the privileges of the application using GStreamer. While not known to be actively exploited in the wild (not in KEV), a public proof-of-concept exploit is available and the EPSS score of 0.24% indicates moderate exploitation likelihood.

A use-after-free vulnerability exists in GStreamer's Matroska demuxer that can be triggered when processing malformed video files, potentially allowing attackers to execute arbitrary code or cause application crashes. The vulnerability affects GStreamer versions before 1.18.4 and requires local access with user interaction to exploit. With an EPSS score of only 0.18% and no KEV listing, this vulnerability has low real-world exploitation probability despite its high CVSS score of 7.8.

A heap-based buffer overflow vulnerability exists in GStreamer's RTSP connection parser that allows remote attackers to execute arbitrary code by sending a specially crafted response from a malicious RTSP server. The vulnerability affects all GStreamer versions prior to 1.16.0 and requires user interaction (connecting to a malicious server), with a CVSS score of 8.8 indicating high severity. While no active exploitation has been confirmed (not in KEV), the vulnerability has been publicly disclosed with security advisories available, and the attack vector is relatively straightforward for attackers with RTSP protocol knowledge.

This is an out-of-bounds read vulnerability in GStreamer's gst-plugins-bad MPEG demuxer component that allows remote attackers to crash applications by sending specially crafted MPEG Program Stream Map (PSM) data. The vulnerability affects GStreamer installations across multiple Linux distributions including Debian 8.0/9.0 and Red Hat Enterprise Linux 7.x variants. With an EPSS score of 6.52% (91st percentile), this vulnerability has a moderately elevated probability of exploitation in the wild, though no active exploitation or KEV listing is indicated.

A buffer overflow vulnerability in GStreamer's ASF demuxer component allows remote attackers to trigger out-of-bounds heap reads when processing malformed extended content descriptors in ASF media files. The vulnerability affects GStreamer gst-plugins-ugly and can cause denial of service through application crashes when parsing specially crafted media content. With an EPSS score of 3.07% (87th percentile), this vulnerability has moderate real-world exploitation likelihood but no known active exploitation in the wild.

A out-of-bounds read vulnerability exists in GStreamer's ASF demuxer (gst-plugins-ugly) that allows remote attackers to trigger a denial of service by crafting malicious video files with specially crafted extended stream properties containing an invalid number of languages. GStreamer versions before 1.10.3 are affected, and the vulnerability is triggered through local user interaction with a malicious media file, resulting in application crashes due to invalid memory access. While EPSS scoring indicates relatively low exploitation probability (0.80%, 74th percentile), this is a straightforward denial of service with clear triggering mechanisms.

A memory safety vulnerability in the AVI demuxer component of GStreamer allows remote attackers to crash applications by providing a malformed AVI file with a malicious ncdt sub-tag. GStreamer versions before 1.10.3 are affected across multiple distributions. With an EPSS score of 3.11% (87th percentile), this vulnerability has moderate real-world exploitation probability, though no active exploitation (KEV listing) has been reported.

A floating point exception vulnerability exists in GStreamer's gst_riff_create_audio_caps function within gst-plugins-base versions prior to 1.10.3, allowing remote attackers to trigger a denial of service crash by supplying a specially crafted ASF (Advanced Systems Format) audio file. The vulnerability requires user interaction (file opening) but no elevated privileges, making it exploitable through common media playback scenarios. With an EPSS score of 0.72 (72nd percentile) and confirmed patch availability from the vendor, this represents a moderate real-world risk primarily affecting applications and systems that process untrusted media files.

Multiple use-after-free vulnerabilities exist in GStreamer's handling of MXF (Material eXchange Format) media files, affecting versions prior to 1.10.3. Remote attackers can exploit these flaws by crafting malicious MXF files that trigger memory corruption in functions handling stream tags (gst_mini_object_unref, gst_tag_list_unref, and gst_mxf_demux_update_essence_tracks), causing application crashes and denial of service. With an EPSS score of 7.13% (91st percentile), this vulnerability has moderate real-world exploitation probability, though no KEV listing indicates limited active exploitation.

A out-of-bounds write vulnerability exists in the SAMI subtitle parser (samiparse.c) within GStreamer's gst-plugins-base library before version 1.10.3, triggered when processing maliciously crafted SMI subtitle files. The vulnerability allows remote attackers to cause a denial of service condition by crashing the application through memory corruption. With an EPSS score of 0.80% (74th percentile), patch availability from the vendor, and documented proof-of-concept files (OneNote_Manager.smi), this represents a low-to-moderate exploitation risk despite the moderate CVSS 5.5 score.

An out-of-bounds heap read vulnerability exists in the gst_avi_demux_parse_ncdt function within the GStreamer gst-plugins-good component when parsing malformed AVI files containing crafted ncdt tags. GStreamer versions prior to 1.10.3 are affected, allowing remote attackers to cause denial of service without authentication or user interaction. With an EPSS score of 3.11% (87th percentile), the vulnerability shows moderate real-world exploitation likelihood, and patches are available from the vendor.

A buffer overflow vulnerability in GStreamer's MP4/QuickTime demuxer allows remote attackers to cause denial of service through out-of-bounds heap memory reads. The vulnerability affects GStreamer versions before 1.10.3 and can be triggered by processing specially crafted MP4 files, making it a concern for applications that process untrusted media content. With an EPSS score of 6.86% (91st percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild.

A stack overflow vulnerability exists in the GStreamer multimedia framework's RIFF media handling component, where improper recursion limits when processing nested WAVEFORMATEX structures can cause denial of service crashes. The vulnerability affects GStreamer versions before 1.10.3 and allows remote attackers to crash applications using the framework without authentication. With an EPSS score of 3.04% (87th percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, though it is limited to denial of service impact only.

A heap buffer overflow vulnerability exists in GStreamer multimedia framework versions before 1.10.3, where malformed ISO8601 datetime strings can trigger out-of-bounds memory reads. The vulnerability affects the gst_date_time_new_from_iso8601_string function and allows remote attackers to cause denial of service conditions without requiring authentication. With an EPSS score of 2.76% (86th percentile), this vulnerability has above-average likelihood of exploitation, though it is not currently listed in CISA KEV.

A floating-point exception vulnerability exists in the gst_riff_create_audio_caps function within GStreamer's gst-plugins-base library, allowing remote attackers to trigger a denial-of-service condition by crafting malicious video files. GStreamer versions before 1.10.3 are affected. The vulnerability has a moderate CVSS score of 5.5 but an EPSS percentile of 72%, indicating meaningful exploitation probability; a vendor patch is available.

A memory safety vulnerability in GStreamer's MP4/QuickTime demuxer allows remote attackers to trigger an out-of-bounds read when processing malformed tag values in media files. The vulnerability affects GStreamer versions before 1.10.3 and can cause application crashes when parsing specially crafted MP4/MOV files. With an EPSS score of 3.13% (87th percentile), this vulnerability has moderate exploitation likelihood in the wild.

An invalid memory read vulnerability exists in the gst_aac_parse_sink_setcaps function within GStreamer's AAC audio parser component (gst-plugins-good). Remote attackers can trigger a denial of service by providing a specially crafted AAC audio file, causing the application to crash. With an EPSS score of 0.76% (73rd percentile) and low attack complexity requiring only user interaction to open a malicious file, this vulnerability represents a moderate practical risk despite the moderate CVSS 5.5 score.

A vulnerability in the ROM mappings of the NSF decoder in GStreamer 0.10.x allows remote attackers to trigger out-of-bounds memory access through crafted NSF music files, potentially leading to arbitrary code execution or denial of service. The vulnerability affects all GStreamer 0.10.x versions and requires user interaction to open a malicious NSF file. With an EPSS score of 0.48% (65th percentile) and proof-of-concept exploit code publicly available, this represents a moderate real-world risk for systems processing untrusted media files.

The GStreamer multimedia framework contains an uninitialized memory vulnerability in its VMNC (VMware VNC) decoder that allows remote attackers to read sensitive information from process memory. When processing specially crafted VMNC video files (such as a single-frame movie that doesn't draw to the canvas), the decoder exposes uninitialized memory contents that may contain passwords, cryptographic keys, or other sensitive data from the application's memory space. A proof-of-concept exploit exists and has been publicly disclosed, with an EPSS score of 1.28% indicating moderate real-world exploitation likelihood.

An integer overflow vulnerability exists in the vmnc decoder component of GStreamer that allows remote attackers to trigger a buffer overflow and crash the application. GStreamer version 1.10.0 is confirmed affected, with exploitation requiring no authentication or user interaction over the network. A public proof-of-concept exploit exists (published on Scary Beasts Security blog), and EPSS indicates a 2.41% probability of exploitation in the wild (85th percentile), making this a moderate real-world risk.

A buffer over-read vulnerability exists in GStreamer's H.264 video decoding implementation that affects Mozilla Firefox, Firefox ESR, Thunderbird, and SeaMonkey on Linux systems. Remote attackers can trigger a denial of service (application crash) or potentially execute arbitrary code by crafting malicious H.264 video data within an m4v file. With an EPSS score of 7.61% (92nd percentile) and patches available from vendors, this vulnerability represents a moderate exploitation risk despite its CVSS 6.8 rating, indicating real-world prioritization is warranted for affected Linux deployments.

A critical integer overflow vulnerability exists in GStreamer's gst-plugins-base package before version 0.10.23, allowing remote attackers to execute arbitrary code through specially crafted COVERART tags in Vorbis audio files. The vulnerability triggers when base64-encoded cover art data causes an integer overflow during memory allocation, leading to a heap buffer overflow with full code execution potential. With an EPSS score of 2.82% (86th percentile) and patches available since 2009, this represents a high-severity but dated vulnerability that may still affect legacy systems.