GStreamer
open source multimedia framework
Home
Features
News
Annual Conference
Planet (Blogs)
Download
Applications
Security Center
GitLab
Developers
Documentation
Forum
File a Bug
Artwork
Follow us on Bluesky
Follow us on Mastodon
Chat with us on Matrix

Security Center

Security Contacts

Security notifications or problems should be reported in GitLab by filing an issue and marking it as confidential before submitting it (if you follow the link on the left the confidential checkbox should already be ticked).

If you have patches, please attach them to the confidential issue and not via a merge requests, as merge requests are always public immediately.

The GStreamer project encourages responsible disclosure of security issues.

Security Advisories

ID Summary Date
GStreamer-SA-2025-0007
ZDI-CAN-27381
CVE-2025-6663		 Stack buffer overflow in H.266 video parser 2025-06-26 23:55 Details
GStreamer-SA-2025-0006
CVE-2025-47806		 Stack buffer overflow in SubRip subtitle parser 2025-05-29 23:55 Details
GStreamer-SA-2025-0005
CVE-2025-47183		 Out-of-bounds read in MOV/MP4 demuxer II 2025-05-29 23:55 Details
GStreamer-SA-2025-0004
CVE-2025-47219		 Out-of-bounds read in MOV/MP4 demuxer I 2025-05-29 23:55 Details
GStreamer-SA-2025-0003
CVE-2025-47808		 NULL-pointer dereference in TMPlayer subtitle parser 2025-05-29 23:55 Details
GStreamer-SA-2025-0002
CVE-2025-47807		 NULL-pointer dereference in SubRip subtitle parser 2025-05-29 23:55 Details
GStreamer-SA-2025-0001
ZDI-CAN-26596
CVE-2025-3887		 Stack buffer-overflow in H.265 codec parser during slice header parsing 2025-04-24 18:00 Details
GStreamer-SA-2024-0030
GHSL-2024-280
CVE-2024-47834		 Use-after-free in Matroska demuxer 2024-12-03 23:30 Details
GStreamer-SA-2024-0029
GHSL-2024-263
CVE-2024-47835		 NULL-pointer dereference in LRC subtitle parser 2024-12-03 23:30 Details
GStreamer-SA-2024-0028
GHSL-2024-262
CVE-2024-47774		 Integer overflow in AVI subtitle parser that leads to out-of-bounds reads 2024-12-03 23:30 Details
GStreamer-SA-2024-0027
GHSL-2024-261, GHSL-2024-260, GHSL-2024-259, GHSL-2024-258
CVE-2024-47778, CVE-2024-47777, CVE-2024-47776, CVE-2024-47775		 Various out-of-bounds reads in WAV parser 2024-12-03 23:30 Details
GStreamer-SA-2024-0026
GHSL-2024-117
CVE-2024-47615		 Out-of-bounds write in Ogg demuxer 2024-12-03 23:30 Details
GStreamer-SA-2024-0025
GHSL-2024-118
CVE-2024-47613		 NULL-pointer dereference in gdk-pixbuf decoder 2024-12-03 23:30 Details
GStreamer-SA-2024-0024
GHSL-2024-116
CVE-2024-47607		 Stack buffer-overflow in Opus decoder 2024-12-03 23:30 Details
GStreamer-SA-2024-0023
GHSL-2024-228
CVE-2024-47541		 Out-of-bounds write in SSA subtitle parser 2024-12-03 23:30 Details
GStreamer-SA-2024-0022
GHSL-2024-115
CVE-2024-47538		 Stack buffer-overflow in Vorbis decoder 2024-12-03 23:30 Details
GStreamer-SA-2024-0021
GHSL-2024-251
CVE-2024-47603		 NULL-pointer dereference in Matroska/WebM demuxer 2024-12-03 23:30 Details
GStreamer-SA-2024-0020
GHSL-2024-249
CVE-2024-47601		 NULL-pointer dereference in Matroska/WebM demuxer 2024-12-03 23:30 Details
GStreamer-SA-2024-0019
GHSL-2024-250
CVE-2024-47602		 NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer 2024-12-03 23:30 Details
GStreamer-SA-2024-0018
GHSL-2024-248
CVE-2024-47600		 Out-of-bounds read in gst-discoverer-1.0 commandline tool 2024-12-03 23:30 Details
GStreamer-SA-2024-0017
GHSL-2024-197
CVE-2024-47540		 Usage of uninitialized stack memory in Matroska/WebM demuxer 2024-12-03 23:30 Details
GStreamer-SA-2024-0016
GHSL-2024-247
CVE-2024-47599		 Insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences 2024-12-03 23:30 Details
GStreamer-SA-2024-0015
GHSL-2024-244
CVE-2024-47596		 Integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads 2024-12-03 23:30 Details
GStreamer-SA-2024-0014
GHSL-2024-166
CVE-2024-47606		 Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes 2024-12-03 23:30 Details
GStreamer-SA-2024-0013
GHSL-2024-243
CVE-2024-47546		 Integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads 2024-12-03 23:30 Details
GStreamer-SA-2024-0012
GHSL-2024-245
CVE-2024-47597		 Out-of-bounds reads in MP4/MOV demuxer sample table parser 2024-12-03 23:30 Details
GStreamer-SA-2024-0011
GHSL-2024-238, GHSL-2024-239, GHSL-2024-240
CVE-2024-47544		 NULL-pointer dereferences in MP4/MOV demuxer CENC handling 2024-12-03 23:30 Details
GStreamer-SA-2024-0010
GHSL-2024-242
CVE-2024-47545		 Integer overflow in MP4/MOV demuxer that can result in out-of-bounds read 2024-12-03 23:30 Details
GStreamer-SA-2024-0009
GHSL-2024-236
CVE-2024-47543		 MP4/MOV demuxer out-of-bounds read 2024-12-03 23:30 Details
GStreamer-SA-2024-0008
GHSL-2024-235
CVE-2024-47542		 ID3v2 parser out-of-bounds read and NULL-pointer dereference 2024-12-03 23:30 Details
GStreamer-SA-2024-0007
GHSL-2024-195
CVE-2024-47539		 MP4/MOV Closed Caption handling out-of-bounds write 2024-12-03 23:30 Details
GStreamer-SA-2024-0006
GHSL-2024-246
CVE-2024-47598		 MP4/MOV sample table parser out-of-bounds read 2024-12-03 23:30 Details
GStreamer-SA-2024-0005
GHSL-2024-094, GHSL-2024-237, GHSL-2024-241
CVE-2024-47537		 Integer overflow in MP4/MOV sample table parser leading to out-of-bounds writes 2024-12-03 23:30 Details
GStreamer-SA-2024-0004
CVE-2024-44331		 RTSP server: Potential Denial-of-Service (DoS) with specially crafted client requests 2024-10-29 18:00 Details
GStreamer-SA-2024-0003
JVN#02030803 / JPCERT#92912620
CVE-2024-40897		 Orc compiler stack-based buffer overflow 2024-07-19 12:30 Details
GStreamer-SA-2024-0002
ZDI-CAN-23896
CVE-2024-4453		 Integer overflow in EXIF metadata parser leading to potential heap overwrite 2024-04-29 20:00 Details
GStreamer-SA-2024-0001
ZDI-CAN-22873
CVE-2024-0444		 AV1 codec parser potential buffer overflow during tile list parsing 2024-01-24 20:00 Details
GStreamer-SA-2023-0011
ZDI-CAN-22300
CVE-2023-50186		 AV1 codec parser buffer overflow 2023-12-18 14:00 Details
GStreamer-SA-2023-0010
ZDI-CAN-22299
CVE-2023-44446		 MXF demuxer use-after-free 2023-11-13 12:00 Details
GStreamer-SA-2023-0009
ZDI-CAN-22226
CVE-2023-44429		 AV1 codec parser buffer overflow 2023-11-13 12:00 Details
GStreamer-SA-2023-0008
ZDI-CAN-21768
CVE-2023-40476		 Integer overflow in H.265 video parser leading to stack overwrite 2023-09-20 20:00 Details
GStreamer-SA-2023-0007
ZDI-CAN-21661
CVE-2023-40475		 Integer overflow leading to heap overwrite in MXF file handling with AES3 audio 2023-09-20 20:00 Details
GStreamer-SA-2023-0006
ZDI-CAN-21660
CVE-2023-40474		 Integer overflow leading to heap overwrite in MXF file handling with uncompressed video 2023-09-20 20:00 Details
GStreamer-SA-2023-0005
ZDI-CAN-21444		 Integer overflow leading to heap overwrite in RealMedia file handling 2023-07-20 14:00 Details
GStreamer-SA-2023-0004
ZDI-CAN-21443		 Integer overflow leading to heap overwrite in RealMedia file handling 2023-07-20 14:00 Details
GStreamer-SA-2023-0003
ZDI-CAN-20994
CVE-2023-37329		 Heap overwrite in PGS subtitle overlay decoder 2023-06-20 18:00 Details
GStreamer-SA-2023-0002
ZDI-CAN-20968
CVE-2023-37328		 Heap overwrite in subtitle parsing 2023-06-20 18:00 Details
GStreamer-SA-2023-0001
ZDI-CAN-20775
CVE-2023-37327		 Integer overflow leading to heap overwrite in FLAC image tag handling 2023-06-20 18:00 Details
GStreamer-SA-2022-0004
CVE-2022-1920		 Potential heap overwrite in gst_matroska_demux_add_wvpk_header 2022-06-15 23:00 Details
GStreamer-SA-2022-0003
CVE-2022-2122		 Potential heap overwrite in mp4 demuxing using zlib decompression 2022-06-15 23:00 Details
GStreamer-SA-2022-0002
CVE-2022-1922
CVE-2022-1923
CVE-2022-1924
CVE-2022-1925		 Potential heap overwrite in mkv demuxing using zlib/bz2/lzo decompression 2022-06-15 23:00 Details
GStreamer-SA-2022-0001
CVE-2022-1921		 Heap overwrite in avi demuxing 2022-06-15 23:00 Details
GStreamer-SA-2021-0005 Stack overflow in gst_ffmpeg_channel_layout_to_gst() 2021-03-15 16:00 Details
GStreamer-SA-2021-0004 Out-of-bounds read in realmedia demuxing 2021-03-15 16:00 Details
GStreamer-SA-2021-0003
CVE-2021-3498		 Heap corruption in matroska demuxing 2021-03-15 16:00 Details
GStreamer-SA-2021-0002
CVE-2021-3497		 Use-after-free in matroska demuxing 2021-03-15 16:00 Details
GStreamer-SA-2021-0001
CVE-2021-3522		 Out-of-bounds read in ID3v2 tag parsing 2021-03-15 16:00 Details
GStreamer-SA-2019-0001
CVE-2019-9928		 Buffer overflow in RTSP parsing 2019-04-22 00:30 Details
GStreamer-SA-2016-0002
CVE-2016-9634
CVE-2016-9635
CVE-2016-9636
CVE-2016-9807		 Multiple Issues in FLC/FLI/FLX Decoder 2016-11-23 03:00 Details
GStreamer-SA-2016-0001
CVE-2016-9445
CVE-2016-9446		 Multiple Issues in VMNC decoder 2016-11-17 16:00 Details

Report a problem on this page.