Search Results (14544 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3498 3 Debian, Gstreamer, Redhat 3 Debian Linux, Gstreamer, Enterprise Linux 2026-03-17 7.8 High
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
CVE-2017-5842 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
CVE-2023-50186 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 8.8 High
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22300.
CVE-2023-37328 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 8.8 High
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20994.
CVE-2023-37329 1 Gstreamer 1 Gstreamer 2026-03-17 8.8 High
GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of SRT subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20968.
CVE-2024-47607 2 Gstreamer, Redhat 7 Gstreamer, Enterprise Linux, Rhel Aus and 4 more 2026-03-17 9.8 Critical
GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.
CVE-2016-9447 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
CVE-2022-1920 3 Debian, Gstreamer, Redhat 3 Debian Linux, Gstreamer, Enterprise Linux 2026-03-17 7.8 High
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.
CVE-2019-9928 3 Canonical, Debian, Gstreamer 3 Ubuntu Linux, Debian Linux, Gstreamer 2026-03-17 N/A
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
CVE-2025-27243 1 Intel 13 Ethernet Controller, Ethernet Controller E810, Ethernet Network Adapter E810-2cqda2 and 10 more 2026-03-17 6 Medium
Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVE-2025-54820 1 Fortinet 1 Fortimanager 2026-03-12 7 High
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.
CVE-2025-36920 1 Google 1 Android 2026-03-12 8.4 High
In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-41766 2 Mbs, Mbs-solutions 7 Ubr-01 Mk Ii, Ubr-02, Ubr-lon and 4 more 2026-03-11 8.8 High
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.
CVE-2025-70241 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5.
CVE-2025-70240 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51.
CVE-2025-70239 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.
CVE-2025-70237 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr.
CVE-2025-70234 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS.
CVE-2025-47373 1 Qualcomm 377 Ar8035, Ar8035 Firmware, Cologne and 374 more 2026-03-09 7.8 High
Memory Corruption when accessing buffers with invalid length during TA invocation.
CVE-2025-32313 1 Google 1 Android 2026-03-06 8.4 High
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.