Shaun Mirani - Security Researcher - Exploit Intelligence Platform

CVE-2025-47183 WRITEUP MEDIUM WRITEUP

GStreamer < 1.26.2 - Out-of-bounds Read in isomp4 qtdemux_parse_tree

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.

CVSS 6.6

View Code

CVE-2025-47219 WRITEUP HIGH WRITEUP

GStreamer < 1.26.2 - Out-of-bounds Read in isomp4 qtdemux_parse_trak

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.

CVSS 8.1

View Code

CVE-2025-47806 WRITEUP MEDIUM WRITEUP

GStreamer < 1.26.2 - Stack-based Buffer Overflow in subparse Plugin

In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.

CVSS 5.6

View Code

CVE-2025-47807 WRITEUP MEDIUM WRITEUP

GStreamer < 1.26.2 - NULL Pointer Dereference in SubRip Subtitle Parser

In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.

CVSS 5.5

View Code

CVE-2025-47808 WRITEUP MEDIUM WRITEUP

GStreamer < 1.26.2 - NULL Pointer Dereference in Subtitle File Parsing

In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.

CVSS 5.6

View Code