PT-2025-26512 · Gstreamer+7 · Isomp4+8

Published

2025-05-29

Updated

2026-05-08

CVE-2025-47219

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GStreamer versions through 1.26.1

Description The qtdemux parse trak function within the isomp4 plugin may read past the end of a heap buffer when parsing an MP4 file, potentially leading to information disclosure.

Recommendations Update to a version beyond 1.26.1.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2025-9417

BDU:2025-14433

BIT-JAVA-2025-47219

BIT-JAVA-MIN-2025-47219

BIT-JRE-2025-47219

CVE-2025-47219

DLA-4419-1

OESA-2025-1705

SUSE-SU-2025:02053-1

SUSE-SU-2025:02058-1

SUSE-SU-2025:02347-1

SUSE-SU-2025_02053-1

SUSE-SU-2025_02058-1

USN-7717-1

USN-7837-1

Affected Products

Alt Linux

Debian

Gstreamer

Java Platform

Linuxmint

Red Os

Suse

Ubuntu

Isomp4

PT-2025-26512 · Gstreamer+7 · Isomp4+8

CVE-2025-47219

Weakness Enumeration

Related Identifiers

Affected Products

References · 47