CVE-2026-12893

NameCVE-2026-12893
Descriptiongstreamer1-libav: gstreamer1-libav: NULL pointer dereference in gstavdemux.c error handler
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gst-libav1.0 (PTS)bullseye1.18.4-3undetermined
bookworm1.22.0-2undetermined
trixie1.26.2-1undetermined
trixie (security)1.26.2-1+deb13u1undetermined
forky, sid1.28.4-1undetermined

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gst-libav1.0source(unstable)undetermined

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2491322 (not yet public)
https://gitlab.freedesktop.org/gstreamer/gstreamer-security/-/merge_requests/78
check, from Red Hat only association with GStreamer gst-libav plugin is known

Search for package or bug name: Reporting problems