CVE-2025-47219

Name
CVE-2025-47219
Description
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
cve@mitre.org https://gstreamer.freedesktop.org/security/

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a
cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:* gstreamer >= None < 1.26.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gstreamer edge-main 1.26.1-r0 Krassy Boykinov <kboykinov@teamcentrixx.com> possibly vulnerable
gstreamer edge-main 1.24.12-r0 Krassy Boykinov <kboykinov@teamcentrixx.com> possibly vulnerable
gstreamer edge-main 1.24.11-r0 Krassy Boykinov <kboykinov@teamcentrixx.com> possibly vulnerable
gstreamer edge-main 1.24.10-r0 Krassy Boykinov <kboykinov@teamcentrixx.com> possibly vulnerable
gstreamer edge-main 1.24.9-r0 Krassy Boykinov <kboykinov@teamcentrixx.com> possibly vulnerable
gstreamer edge-main 1.18.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gstreamer 3.22-main 1.26.1-r0 Krassy Boykinov <kboykinov@teamcentrixx.com> possibly vulnerable
gstreamer 3.22-main 1.18.4-r0 None possibly vulnerable
gstreamer 3.21-main 1.24.11-r0 Krassy Boykinov <kboykinov@teamcentrixx.com> possibly vulnerable
gstreamer 3.21-main 1.24.10-r0 Krassy Boykinov <kboykinov@teamcentrixx.com> possibly vulnerable
gstreamer 3.21-main 1.18.4-r0 None possibly vulnerable
gstreamer 3.20-main 1.24.10-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gstreamer 3.20-main 1.24.9-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gstreamer 3.20-main 1.18.4-r0 None possibly vulnerable
gstreamer 3.19-main 1.22.12-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gstreamer 3.19-main 1.18.4-r0 None possibly vulnerable
gst-plugins-good edge-community 1.26.2-r0 Krassy Boykinov <kboykinov@teamcentrixx.com> fixed
gst-plugins-good 3.22-community 1.26.2-r0 None fixed