gstreamer1-plugins-bad-free-1.22.12-4.el9_6

エラータID: AXSA:2025-10530:02

Release date: 
Tuesday, July 22, 2025 - 12:07
Subject: 
gstreamer1-plugins-bad-free-1.22.12-4.el9_6
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

* GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-3887)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-3887
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.

Solution: 

Update packages.

CVEs: 
CVE-2025-3887
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.
Additional Info: 

N/A

Download: 

SRPMS
  1. gstreamer1-plugins-bad-free-1.22.12-4.el9_6.src.rpm
    MD5: bc89c71523a3b800ea8ea7bbaf40ea34
    SHA-256: f7c78a469a125a27d96b5214bf13ff8b845820f8445a172c9aa325eaf05e060c
    Size: 5.32 MB

Asianux Server 9 for x86_64
  1. gstreamer1-plugins-bad-free-1.22.12-4.el9_6.i686.rpm
    MD5: b8971f402fb86c202fa163f48b254464
    SHA-256: 92508ac8a90a51ab00510e4f8a3fad1c04576da7112269c4c1965410ae15c323
    Size: 2.58 MB
  2. gstreamer1-plugins-bad-free-1.22.12-4.el9_6.x86_64.rpm
    MD5: e5e7ffc861930164687c1d24fa009278
    SHA-256: 6e2925068729a78ceac51cabb9fddf98edecce2fe6a35ee4c2112ed55a4e55c9
    Size: 2.49 MB
  3. gstreamer1-plugins-bad-free-devel-1.22.12-4.el9_6.i686.rpm
    MD5: 2794ef5e35644939eb5987adce612ce7
    SHA-256: 9f368e5781ceb5f0bdc6daec39bf8b814f1bbc3f7dd169b8e51f5d324b0a2621
    Size: 315.18 kB
  4. gstreamer1-plugins-bad-free-devel-1.22.12-4.el9_6.x86_64.rpm
    MD5: 3f70ba9cf399964be427c64143934b1a
    SHA-256: cd58b38ac356e10ee900e82de0fcb55614439243eab19b7ee75e2bf41d511ac1
    Size: 315.20 kB
  5. gstreamer1-plugins-bad-free-libs-1.22.12-4.el9_6.i686.rpm
    MD5: 7cc5b3e8125a7b1ce7f57a91f8492fdd
    SHA-256: accb8777b19a47dd8a1fe35588a1dbf15c529e417840c053aeebe8121ed4cacd
    Size: 769.36 kB
  6. gstreamer1-plugins-bad-free-libs-1.22.12-4.el9_6.x86_64.rpm
    MD5: aaa866e1a23715a730c647914c9659ff
    SHA-256: e892b3d931b844d5d7632b47fe9029c7ccb7f9f206f7ef16eaa4b635412392e5
    Size: 768.58 kB