Description
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| gst-plugins-good1.0 | fixed | 1.26.2-1 | | package |
| gst-plugins-good1.0 | fixed | 1.22.0-5+deb12u3 | bookworm | package |
| gst-plugins-good1.0 | postponed | | bullseye | package |
Notes
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
https://gstreamer.freedesktop.org/security/sa-2025-0004.html
For 1.26.y, a major refactoring that fixes the issue:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8929
For older branches:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9137
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b80803943388050cb870c95934fc52feeffb94ac (1.24.13)
EPSS
Related vulnerabilities
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
Vulnerability in the gst-plugins-good plugin of the GStreamer multimedia framework that allows an attacker to gain access to confidential information