Security Advisory 2025-0005 (CVE-2025-47183)


Summary	Out-of-bounds read in MOV/MP4 demuxer
Date	2025-05-29 23:30
Affected Versions	GStreamer gst-plugins-good < 1.26.2
IDs	GStreamer-SA-2025-0005 CVE-2025-47183

Details

An Out-of-bounds read in the MOV/MP4 demuxer that can cause crashes or potentially information leaks for certain input files.

Impact

It is possible for a malicious third party to trigger an Out-of-bounds read that can result in a crash of the application or potentially information leaks.

Solution

The gst-plugins-good 1.26.2 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.

References

The GStreamer project

https://gstreamer.freedesktop.org

CVE Database Entries

CVE-2025-47183

GStreamer releases

1.26 (current stable)

GStreamer 1.26.2 release notes
GStreamer Plugins Good 1.26.2

Patches

Patch