CVE-2025-47183

CVSS v3.1

6.6

Medium

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions GStreamer versions through 1.26.1

Description The qtdemux parse tree function within the isomp4 plugin may read past the end of a heap buffer when parsing an MP4 file, potentially leading to information disclosure.

Recommendations Update to a version of GStreamer later than 1.26.1.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2025-9417

BDU:2025-14432

BDU:2025-14433

CVE-2025-47183

DLA-4419-1

OESA-2025-2316

SUSE-SU-2025:02053-1

SUSE-SU-2025:02058-1

SUSE-SU-2025:02303-1

SUSE-SU-2025:02347-1

SUSE-SU-2025_02053-1

SUSE-SU-2025_02058-1

SUSE-SU-2025_02303-1

USN-7717-1

Affected Products

Alt Linux

Debian

Gstreamer

Linuxmint

Red Os

Suse

Ubuntu

Isomp4

CVE-2025-47183

Weakness Enumeration

Related Identifiers

Affected Products

References · 48