Export limit exceeded: 21107 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21107 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5847 | 2 Debian, Gstreamer | 2 Debian Linux, Gstreamer | 2026-03-17 | 7.5 High |
| The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. | ||||
| CVE-2024-47777 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2026-03-17 | 9.1 Critical |
| GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10. | ||||
| CVE-2023-37328 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2026-03-17 | 8.8 High |
| GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20994. | ||||
| CVE-2022-1923 | 3 Debian, Gstreamer, Redhat | 3 Debian Linux, Gstreamer, Enterprise Linux | 2026-03-17 | 7.8 High |
| DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. | ||||
| CVE-2017-5848 | 3 Debian, Gstreamer, Redhat | 9 Debian Linux, Gstreamer, Enterprise Linux and 6 more | 2026-03-17 | 7.5 High |
| The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. | ||||
| CVE-2017-5846 | 1 Gstreamer | 1 Gstreamer | 2026-03-17 | N/A |
| The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. | ||||
| CVE-2017-5845 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2026-03-17 | N/A |
| The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag. | ||||
| CVE-2017-5840 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2026-03-17 | N/A |
| The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. | ||||
| CVE-2017-5838 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2026-03-17 | N/A |
| The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. | ||||
| CVE-2023-37329 | 1 Gstreamer | 1 Gstreamer | 2026-03-17 | 8.8 High |
| GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of SRT subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20968. | ||||
| CVE-2016-9445 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2026-03-17 | 7.5 High |
| Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. | ||||
| CVE-2025-3887 | 3 Debian, Gstreamer, Redhat | 7 Debian Linux, Gstreamer, Enterprise Linux and 4 more | 2026-03-17 | 8.8 High |
| GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596. | ||||
| CVE-2017-5842 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2026-03-17 | N/A |
| The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. | ||||
| CVE-2022-1920 | 3 Debian, Gstreamer, Redhat | 3 Debian Linux, Gstreamer, Enterprise Linux | 2026-03-17 | 7.8 High |
| Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. | ||||
| CVE-2022-1922 | 3 Debian, Gstreamer, Redhat | 3 Debian Linux, Gstreamer, Enterprise Linux | 2026-03-17 | 7.8 High |
| DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. | ||||
| CVE-2021-3522 | 3 Gstreamer, Netapp, Oracle | 12 Gstreamer, Active Iq Unified Manager, E-series Santricity Os Controller and 9 more | 2026-03-17 | 5.5 Medium |
| GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. | ||||
| CVE-2022-1924 | 3 Debian, Gstreamer, Redhat | 3 Debian Linux, Gstreamer, Enterprise Linux | 2026-03-17 | 7.8 High |
| DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. | ||||
| CVE-2024-47775 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2026-03-17 | 9.1 Critical |
| GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10. | ||||
| CVE-2017-5841 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2026-03-17 | N/A |
| The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. | ||||
| CVE-2023-40476 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2026-03-17 | 8.8 High |
| GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21768. | ||||