Discovery API Icon
Discovery API
Security Advisory Icon
Security Advisory
Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2025-47806

Published: June 3, 2025Last modified: August 6, 2025

Description

In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.

Severity score breakdown

ParameterValue
Base score5.6
Attack VectorNETWORK
Attack complexityHIGH
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityLOW
Integrity impactLOW
Availability impactLOW
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSgst-plugins-baseFixed (1.20.7-r2)
25 LTSgst-plugins-baseFixed (1.26.3-r0)
Streamgst-plugins-baseFixed (1.26.2-r0)

References

ON THIS PAGE