gstreamer

107 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-1940
< 1.28.1
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size va
5.1MEDIUM
CVE-2026-3086
< 1.28.1
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8HIGH
CVE-2026-3085
< 1.28.1
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers
8.8HIGH
CVE-2026-3084
< 1.28.1
GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to
7.8HIGH
CVE-2026-3083
< 1.28.1
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exec
8.8HIGH
CVE-2026-3082
< 1.28.1
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8HIGH
CVE-2026-3081
< 1.28.1
GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote att
7.8HIGH
CVE-2026-2923
< 1.28.1
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe
7.8HIGH
CVE-2026-2922
< 1.28.1
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to
7.8HIGH
CVE-2026-2921
< 1.28.1
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute
7.8HIGH
CVE-2026-2920
< 1.28.1
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8HIGH
CVE-2025-47808
< 1.26.2
In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a sub
5.6MEDIUM
CVE-2025-47807
< 1.26.2
In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsin
5.5MEDIUM
CVE-2025-47806
< 1.26.2
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, le
5.6MEDIUM
CVE-2025-47219
< 1.26.2
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing
8.1HIGH
CVE-2025-47183
< 1.26.2
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing
6.6MEDIUM
CVE-2025-6663
>= 1.26.0 and < 1.26.3
GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote att
7.8HIGH
CVE-2025-3887
>= 1.0.0 and < 1.26.1
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote att
8.8HIGH
CVE-2025-2759
< 1.25.1
GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to e
7.8HIGH
CVE-2024-47835
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been det
7.5HIGH
CVE-2024-47834
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discove
9.1CRITICAL
CVE-2024-47778
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_
7.5HIGH
CVE-2024-47777
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the
9.1CRITICAL
CVE-2024-47776
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_c
9.1CRITICAL
CVE-2024-47775
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse
9.1CRITICAL
CVE-2024-47774
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the
9.1CRITICAL
CVE-2024-47615
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_pa
9.8CRITICAL
CVE-2024-47613
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been ide
9.8CRITICAL
CVE-2024-47607
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_o
9.8CRITICAL
CVE-2024-47606
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the functio
9.8CRITICAL
CVE-2024-47603
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been dis
7.5HIGH
CVE-2024-47602
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been dis
7.5HIGH
CVE-2024-47601
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been dis
7.5HIGH
CVE-2024-47600
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the fo
9.1CRITICAL
CVE-2024-47599
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been dis
7.5HIGH
CVE-2024-47598
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the
9.1CRITICAL
CVE-2024-47597
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux
9.1CRITICAL
CVE-2024-47596
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_
7.5HIGH
CVE-2024-47546
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_
7.5HIGH
CVE-2024-47545
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_par
7.5HIGH
CVE-2024-47544
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affec
7.5HIGH
CVE-2024-47543
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtde
7.5HIGH
CVE-2024-47542
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the
7.5HIGH
CVE-2024-47541
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the
7.5HIGH
CVE-2024-47540
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has bee
9.8CRITICAL
CVE-2024-47539
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified i
9.8CRITICAL
CVE-2024-47538
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vor
9.8CRITICAL
CVE-2024-47537
< 1.24.10
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed
9.8CRITICAL
CVE-2024-40897
< 0.4.39
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to proce
6.7MEDIUM
CVE-2024-0444
< 1.22.0
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote atta
8.8HIGH
CVE-2024-4453
all versions
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8HIGH
CVE-2023-50186
< 1.22.8
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote atta
8.8HIGH
CVE-2023-44446
< 1.22.7
GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execu
8.8HIGH
CVE-2023-44429
< 1.22.7
GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attac
8.8HIGH
CVE-2023-40476
< 1.22.6
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers
8.8HIGH
CVE-2023-40475
< 1.22.6
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe
8.8HIGH
CVE-2023-40474
< 1.22.6
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe
8.8HIGH
CVE-2023-38104
all versions
GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers
8.8HIGH
CVE-2023-38103
all versions
GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers
8.8HIGH
CVE-2023-37329
< 1.20.7
GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attack
8.8HIGH
CVE-2023-37328
< 1.20.7
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attack
8.8HIGH
CVE-2023-37327
< 1.20.7
GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to ex
8.8HIGH
CVE-2022-2122
< 1.20.3
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate functio
7.8HIGH
CVE-2022-1925
< 1.20.3
DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_m
7.8HIGH
CVE-2022-1924
< 1.20.3
DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompres
7.8HIGH
CVE-2022-1923
< 1.20.3
DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompr
7.8HIGH
CVE-2022-1922
< 1.20.3
DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska
7.8HIGH
CVE-2022-1921
< 1.20.3
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Poten
7.8HIGH
CVE-2022-1920
< 1.20.3
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsi
7.8HIGH
CVE-2021-3522
< 1.18.4
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
5.5MEDIUM
CVE-2021-3498
>= 1.0.0 and < 1.18.4
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
7.8HIGH
CVE-2021-3497
>= 0.10.0 and < 1.18.4
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
7.8HIGH
CVE-2019-9928
< 1.16.0
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, poten
8.8HIGH
CVE-2017-5848
< 1.11.2
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cau
7.5HIGH
CVE-2017-5847
< 1.11.2
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote a
7.5HIGH
CVE-2017-5846
<= 1.10.2
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 a
5.5MEDIUM
CVE-2017-5845
<= 1.10.2
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attack
7.5HIGH
CVE-2017-5844
<= 1.10.2
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows re
5.5MEDIUM
CVE-2017-5843
<= 1.10.2
Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_ess
7.5HIGH
CVE-2017-5842
<= 1.10.2
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote
5.5MEDIUM
CVE-2017-5841
<= 1.10.2
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attack
7.5HIGH
CVE-2017-5840
<= 1.10.2
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers
7.5HIGH
CVE-2017-5839
<= 1.10.2
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not
7.5HIGH
CVE-2017-5838
<= 1.10.2
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to caus
7.5HIGH
CVE-2017-5837
<= 1.10.2
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows re
5.5MEDIUM
CVE-2016-10199
<= 1.10.2
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attacke
7.5HIGH
CVE-2016-10198
<= 1.10.2
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows re
5.5MEDIUM
CVE-2016-9636
<= 1.10.1
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.1
9.8CRITICAL
CVE-2016-9635
<= 1.10.1
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.1
9.8CRITICAL
CVE-2016-9634
<= 1.10.1
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.1
9.8CRITICAL
CVE-2016-9447
all versions
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or
7.8HIGH
CVE-2016-9446
< 1.11.1
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive informa
7.5HIGH
CVE-2016-9445
all versions
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width
7.5HIGH
CVE-2016-9813
<= 1.10.1
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL
5.5MEDIUM
CVE-2016-9812
<= 1.10.1
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of
7.5HIGH
CVE-2016-9811
<= 1.10.1
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows re
4.7MEDIUM
CVE-2016-9810
<= 1.10.1
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote att
5.5MEDIUM
CVE-2016-9809
<= 1.10.1
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified im
7.8HIGH
CVE-2016-9808
<= 1.10.1
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) v
7.5HIGH
CVE-2016-9807
<= 1.10.1
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of serv
5.5MEDIUM
CVE-2015-0797
< 1.4.5
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux
CVE-2009-1932
all versions
Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/
CVE-2009-0586
< 0.10.23
Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (a
CVE-2009-0398
all versions
Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.
CVE-2009-0397
all versions
Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plug
CVE-2009-0387
all versions
Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good)
CVE-2009-0386
all versions
Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plug