Gstreamerproject


Products by Gstreamerproject Sorted by Most Security Vulnerabilities since 2018

Gstreamerproject Gstreamer: 67 vulnerabilities

By the Year

In 2025 there have been 8 vulnerabilities in Gstreamerproject, with an average score of 6.7 out of ten. Last year, in 2024, Gstreamerproject had 42 security vulnerabilities published. Right now, Gstreamerproject is on track to have fewer security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 1.98.




Year Vulnerabilities Average Score
2025 8 6.65
2024 42 8.63
2023 0 0.00
2022 7 7.80
2021 3 7.03
2020 1 7.50
2019 1 8.80

It may take a day or so for new Gstreamerproject vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Gstreamerproject Security Vulnerabilities

CVE: CVE-2025-47806
Date: Aug 07, 2025
Vulnerability: GStreamer 1.26.1 Subparse Stack Buffer Overflow (CVE-2025-47806)
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
Products: Gstreamer

CVE: CVE-2025-47808
Date: Aug 07, 2025
Vulnerability: GStreamer before 1.26.2 NULL PTR Deref in subparse plugin -> Crash
In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
Products: Gstreamer

CVE: CVE-2025-47219
Date: Aug 07, 2025
Vulnerability: GStreamer <=1.26.1 isomp4 Heap Buffer Overread Info Disclosure
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
Products: Gstreamer

CVE: CVE-2025-47183
Date: Aug 07, 2025
Vulnerability: GStreamer 1.26.1 isomp4 OOB Read – Info Disclosure
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.
Products: Gstreamer

CVE: CVE-2025-47807
Date: Aug 07, 2025
Vulnerability: GStreamer 1.26.1 subparse plugin NULL deref crash
In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
Products: Gstreamer

CVE: CVE-2025-6663
Date: Jul 07, 2025
Vulnerability: GStreamer H266 Parsing Stack Buffer Overflow RCE
GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H266 sei messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27381.
Products: Gstreamer

CVE: CVE-2025-2759
Date: May 22, 2025
Vulnerability: GStreamer LPE via Installer Permission Misconfiguration
GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25448.
Products: Gstreamer

CVE: CVE-2025-3887
Date: May 22, 2025
Vulnerability: GStreamer H265 Codec Parsing Stack BOverflow CVE-2025-3887
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.
Products: Gstreamer

CVE: CVE-2024-47777
Date: Dec 12, 2024
Vulnerability: GStreamer OOB read in gst_wavparse_smpl_chunk, fixed in 1.24.10
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.
Products: Gstreamer

CVE: CVE-2024-47778
Date: Dec 12, 2024
Vulnerability: GStreamer OOB-Read in gst_wavparse_adtl_chunk (1.24.9)
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
Products: Gstreamer
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).