📦

gst-plugins-good

Vendor: freedesktop

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 0.04% Exploit Prob.

Latest CVE CVE-2026-46470 May 14

Security Vulnerability Index

Page 1 / 1

4.0 CVSS

CVE-2026-46470

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.

EPSS: 0.04%

Severity: MEDIUM

May 14, 2026

4.0 CVSS

CVE-2026-46469

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.

EPSS: 0.01%

Severity: MEDIUM

May 14, 2026

5.1 CVSS

CVE-2026-1940

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.

EPSS: 0.06%

Severity: MEDIUM

Mar 23, 2026

Displaying 3 of 3 Total Entries

Total 1 Sections