| Package | gst-plugins-good1.0 |
|---|---|
| Version | 1.14.4-1+deb10u5 (buster) |
| Related CVEs | CVE-2025-47183 CVE-2025-47219 |
gst-plugin-good a set of plugins for gstreamer was affected by multiple vulnerabilties.
CVE-2025-47183
The isomp4 plugin's qtdemux_parse_tree() function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.
CVE-2025-47219
The isomp4 plugin's qtdemux_parse_trak() function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
For Debian 10 buster, these problems have been fixed in version 1.14.4-1+deb10u5.
We recommend that you upgrade your gst-plugins-good1.0 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.