CVE-2026-1940

NameCVE-2026-1940
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1130059

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gst-plugins-bad1.0 (PTS)bullseye1.18.4-3+deb11u4vulnerable
bullseye (security)1.18.4-3+deb11u5vulnerable
bookworm, bookworm (security)1.22.0-4+deb12u6vulnerable
trixie1.26.2-3vulnerable
forky1.26.10-2vulnerable
sid1.28.1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gst-plugins-bad1.0source(unstable)1.28.1-11130059

Notes

https://gstreamer.freedesktop.org/security/sa-2026-0001.html
Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1171ae8ac218ea85f8dc41203a2ee146ff322a20 (main)
Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3564405b6919469427750f6b89d4abbe43534fa2 (main)
Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c73a1f4427ecb2e77d00fdd9576bd9864cfaba97 (main)
Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8822ee3b2397d865c21cbbd8e36fb2d64d6ab380 (main)
Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/081484ec99aa75fe24b3286d88e1f1280deea56a (main)
Search for package or bug name: Reporting problems