CVE-2025-6663

Name of the Vulnerable Software and Affected Versions: GStreamer (affected versions not specified)

Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with the library is required for exploitation, with attack vectors varying based on implementation. The flaw resides within the parsing of H266 sei messages, stemming from insufficient validation of user-supplied data length before copying it to a fixed-length stack-based buffer. An attacker can leverage this to execute code within the current process context.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.