Export limit exceeded: 366885 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366885 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366885 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366885 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-47601 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 7.5 High
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10.
CVE-2024-47600 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 9.1 Critical
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
CVE-2024-47599 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 7.5 High
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
CVE-2024-47597 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 9.1 Critical
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10.
CVE-2015-0797 6 Debian, Gstreamer, Linux and 3 more 16 Debian Linux, Gstreamer, Linux Kernel and 13 more 2026-03-17 N/A
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.
CVE-2016-10198 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
CVE-2016-10199 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
CVE-2016-9445 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 7.5 High
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
CVE-2016-9446 3 Fedoraproject, Gstreamer, Redhat 9 Fedora, Gstreamer, Enterprise Linux and 6 more 2026-03-17 7.5 High
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
CVE-2016-9447 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
CVE-2017-5837 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.
CVE-2017-5838 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.
CVE-2017-5839 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.
CVE-2017-5840 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
CVE-2017-5841 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.
CVE-2017-5842 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
CVE-2017-5843 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.
CVE-2017-5844 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.
CVE-2017-5845 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.
CVE-2017-5846 1 Gstreamer 1 Gstreamer 2026-03-17 N/A
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.