Gstreamer
This hub aggregates every CVE we track for Gstreamer, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
105
CVEs tracked
20
Critical
69
High
0
In CISA KEV
Severity distribution
HIGH69CRITICAL20MEDIUM16
Monthly trend
0
0
0
0
0
29
0
0
0
0
2
0
1
5
0
0
0
0
0
0
11
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Gstreamer.
- CVE-2026-1940Gstreamer: incomplete fix of cve-2026-19405.1
- CVE-2026-3084GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability7.8
- CVE-2026-2921GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability7.8
- CVE-2026-3083GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability8.8
- CVE-2026-3086GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability7.8
- CVE-2026-3085GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability8.8
- CVE-2026-3082GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability7.8
- CVE-2026-3081GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability7.8
- CVE-2026-2923GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability7.8
- CVE-2026-2922GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability7.8
- CVE-2026-2920GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability7.8
- CVE-2025-47806In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.5.6
- CVE-2025-47219In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.8.1
- CVE-2025-47807In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.5.5
- CVE-2025-47183In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.6.6
Product normalization is registry-driven with AI assist and human review. How it works