[security - high] gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update
エラータID: AXSA:2026-1181:01
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.
Security Fix(es):
* GStreamer: GStreamer: Arbitrary code execution via ASF file processing (CVE-2026-2920)
* GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser (CVE-2026-3082)
* GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085)
* GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921)
* GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083)
* GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer (CVE-2026-2922)
* GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling (CVE-2026-2923)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-2920
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of stream headers within ASF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28843.
CVE-2026-2921
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of palette data in AVI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28854.
CVE-2026-2922
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of video packets. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28845.
CVE-2026-2923
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of coordinates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28838.
CVE-2026-3082
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of Huffman tables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28840.
CVE-2026-3083
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of X-QDM RTP payload elements. When parsing the packetid element, the process does not properly validate user-supplied data, which can result in a write past the end of an allocated array. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28850.
CVE-2026-3085
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28851.
Update packages.
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of stream headers within ASF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28843.
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of palette data in AVI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28854.
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of video packets. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28845.
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of coordinates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28838.
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of Huffman tables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28840.
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of X-QDM RTP payload elements. When parsing the packetid element, the process does not properly validate user-supplied data, which can result in a write past the end of an allocated array. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28850.
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28851.
N/A
SRPMS
- gstreamer1-plugins-bad-free-1.22.12-7.el9.src.rpm
MD5: 772128a56d129585e738d10979a3c8dd
SHA-256: 74485c257c97bf0d309e437b0187437bef3fa2466e4e9a27c5fe73c295d8ff1b
Size: 5.32 MB - gstreamer1-plugins-base-1.22.12-8.el9.src.rpm
MD5: ce21be6662f78d8a634a7da8c2a6a988
SHA-256: 1808b94eade8c038bfbe9cf43058a71877bd0e437f01906f702624f775a689cc
Size: 2.30 MB - gstreamer1-plugins-good-1.22.12-7.el9.src.rpm
MD5: 85bc57e699038d21820db954ac2a6055
SHA-256: e56e9ebebe46898c9a450279c61d51ea07eb4c0c45d8ff9ad8d9392eb782d849
Size: 2.76 MB - gstreamer1-plugins-ugly-free-1.22.12-6.el9.src.rpm
MD5: 5eefcbdecdc2259b3c5d6738d404e11e
SHA-256: 6f73a543d7ddf4e6f263b22ecc6957e197a8850da669cf8289f411b636e6160e
Size: 266.28 kB
Asianux Server 9 for x86_64
- gstreamer1-plugins-bad-free-1.22.12-7.el9.i686.rpm
MD5: 00a7e2820cd27a87202bf248076ed7f3
SHA-256: 90c57b4ddc409b2bfbcbed80b8301bb37a7ff37cb086c38f3ab957f86a6fab32
Size: 2.56 MB - gstreamer1-plugins-bad-free-1.22.12-7.el9.x86_64.rpm
MD5: 7bbc36e3fd172d14b36e1d0dde1dd627
SHA-256: ec432dc33d97dd388c45d7152d39b42b2a73f60229c699f8218e04e5e626cfba
Size: 2.48 MB - gstreamer1-plugins-bad-free-devel-1.22.12-7.el9.i686.rpm
MD5: c2de8583f4e3b5a100fea02e7f2d6e93
SHA-256: 728f59c479d6d823918110ce601c0a05e882d60b5720ef69bd2448cfe307bfee
Size: 313.49 kB - gstreamer1-plugins-bad-free-devel-1.22.12-7.el9.x86_64.rpm
MD5: 7a8424ed58093fb7d44588512f332eb9
SHA-256: 014ad11062a041a5ca2a608026e73462270372045261f79a569cbdd09fb0ea68
Size: 313.56 kB - gstreamer1-plugins-bad-free-libs-1.22.12-7.el9.i686.rpm
MD5: a9c7f299ef1e14edf44ac8beaf9af144
SHA-256: 097db3a7ff08799bf105feb208ddc2c80423039ab0cc27152cbda9e9d15f9017
Size: 764.68 kB - gstreamer1-plugins-bad-free-libs-1.22.12-7.el9.x86_64.rpm
MD5: 942485698d97b4db17e05fd02164a626
SHA-256: 1a60f1581a3e88a0c23b7960552f225f811161dceaefc6c6bc714fc9463fb7e1
Size: 765.23 kB - gstreamer1-plugins-base-1.22.12-8.el9.i686.rpm
MD5: c595b67e6f6e373d6c1635d86fd65f97
SHA-256: d4f9df32bbe2228c463d6c387b0f947deb6f346c4f0a61131fe8ffe151cd27f2
Size: 2.29 MB - gstreamer1-plugins-base-1.22.12-8.el9.x86_64.rpm
MD5: 19978df0d3768f4e281adf6f9286017f
SHA-256: 48b26e1e4d83712148a2e03bef597b8cae16fa99b1a88b4275e780f3d94aa841
Size: 2.23 MB - gstreamer1-plugins-base-devel-1.22.12-8.el9.i686.rpm
MD5: 785893666d38809fc80f29876e7674ab
SHA-256: 5ac7d28e214813eb4d1daa45b426233625168502e93f08ee6dc7271346265716
Size: 522.47 kB - gstreamer1-plugins-base-devel-1.22.12-8.el9.x86_64.rpm
MD5: 5f42b7da003f41c87333927cce34a00e
SHA-256: 3cc704dc055c982cfbc657c105ee6661eec162589d01de22376ea080d6e5ca18
Size: 522.84 kB - gstreamer1-plugins-base-tools-1.22.12-8.el9.x86_64.rpm
MD5: 43c4bc2f89a5b732bd727596a230a42f
SHA-256: 0aaffd8c055c4ed1529d72b2fbf16a83bd389f467d56818a4b3bec1089fb3087
Size: 44.71 kB - gstreamer1-plugins-good-1.22.12-7.el9.i686.rpm
MD5: 4fe41ed0fb90eb8fd5ff7a64039d93b5
SHA-256: 466ec3ad74e32e00f432dcec48c2c1795a056f8ebe342fc263acc659284d1cad
Size: 2.49 MB - gstreamer1-plugins-good-1.22.12-7.el9.x86_64.rpm
MD5: a955af0ddae6d9422de0a71cb776f1cb
SHA-256: 060bafa2b150763d64bf65b549cdcec9c9474bac0ac48c6745a8e4311ab0f4d1
Size: 2.40 MB - gstreamer1-plugins-good-gtk-1.22.12-7.el9.i686.rpm
MD5: c268835f9aec5e994697e43cf4551e30
SHA-256: f3e81fa55d358eb5c821f7c7bc4ca2dac896ff88fe5ffbe6c76000805b6fd0bc
Size: 34.01 kB - gstreamer1-plugins-good-gtk-1.22.12-7.el9.x86_64.rpm
MD5: a1a6bc681d875e3fe8826aa768ed089c
SHA-256: 35d0add32a2131283624e11de3be2ce6b02ee8004c752e8bc6ff590d199902d8
Size: 32.81 kB - gstreamer1-plugins-ugly-free-1.22.12-6.el9.i686.rpm
MD5: 41577b7f886eb1ce32efa87c5ec19085
SHA-256: 5632670b8bb843a32d91a88cfd47208e530f2be1ef9f27f24170c91fff0af609
Size: 287.97 kB - gstreamer1-plugins-ugly-free-1.22.12-6.el9.x86_64.rpm
MD5: 37d6fd93511138047eb309b89b9f39ef
SHA-256: bbf6314c9d9a2658149554afe417d719f2a7bc239aeb418755a35c594d96b17d
Size: 278.86 kB