| Package | gst-plugins-base1.0 |
|---|---|
| Version | 1.10.4-1+deb9u6 (stretch), 1.14.4-2+deb10u5 (buster) |
| Related CVEs | CVE-2025-47806 CVE-2025-47807 CVE-2025-47808 |
Multiple vulnerabilities were found in the plugins for the GStreamer media framework leading to a crash.
CVE-2025-47806
In GStreamer, the subparse plugin's parse_subrip_time function
may write data past the bounds of a stack buffer, leading to
a crash.
CVE-2025-47807
In GStreamer, the subparse plugin's subrip_unescape_formatting
function may dereference a NULL pointer while parsing a subtitle
file, leading to a crash.
CVE-2025-47808
In GStreamer, the subparse plugin's tmplayer_parse_line function may
dereference a NULL pointer while parsing a subtitle file, leading to
a crash.
For Debian 10 buster, these problems have been fixed in version 1.14.4-2+deb10u5.
For Debian 9 stretch, these problems have been fixed in version 1.10.4-1+deb9u6.
We recommend that you upgrade your gst-plugins-base1.0 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.