Known Vulnerabilities for products from GStreamer
Listed below are 20 of the newest known vulnerabilities associated with the vendor "GStreamer".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-2921 json | GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to ex... | Not Provided | 2026-03-16 | 2026-03-29 |
| CVE-2026-1940 json | An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a si... | Not Provided | 2026-03-23 | 2026-05-04 |
| CVE-2025-68175 json | Not Provided | 2025-12-16 | 2026-04-02 | |
| CVE-2025-47219 json | In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while par... | Not Provided | 2025-08-07 | 2026-05-12 |
| CVE-2016-10199 json | The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote at... | Not Provided | 2017-02-09 | 2026-03-17 |
| CVE-2016-10198 json | The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allo... | Not Provided | 2017-02-09 | 2026-03-17 |
| CVE-2016-9813 json | The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service ... | Not Provided | 2017-01-13 | 2025-04-20 |
| CVE-2016-9812 json | The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denia... | Not Provided | 2017-01-13 | 2025-04-20 |
| CVE-2016-9811 json | The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allo... | Not Provided | 2017-01-13 | 2025-04-20 |
| CVE-2016-9810 json | The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remot... | Not Provided | 2017-01-13 | 2025-04-20 |
| CVE-2016-9809 json | Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecifi... | Not Provided | 2017-01-13 | 2025-04-20 |
| CVE-2016-9808 json | The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and cra... | Not Provided | 2017-01-13 | 2025-04-20 |
| CVE-2016-9807 json | The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of... | Not Provided | 2017-01-13 | 2025-04-20 |
| CVE-2016-9636 json | Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer befor... | Not Provided | 2017-01-27 | 2025-04-20 |
| CVE-2016-9635 json | Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer befor... | Not Provided | 2017-01-27 | 2025-04-20 |
| CVE-2016-9634 json | Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer befor... | Not Provided | 2017-01-27 | 2025-04-20 |
| CVE-2016-9447 json | The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds re... | Not Provided | 2017-01-23 | 2026-03-17 |
| CVE-2016-9446 json | The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive in... | Not Provided | 2017-01-23 | 2026-03-17 |
| CVE-2016-9445 json | Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large ... | Not Provided | 2017-01-23 | 2026-03-17 |
| CVE-2015-0797 json | GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on ... | Not Provided | 2015-05-14 | 2026-05-06 |