Information on source package gst-plugins-bad1.0

Available versions

buster (security)1.14.4-1+deb10u5
bullseye (security)1.18.4-3+deb11u3
bookworm (security)1.22.0-4+deb12u3

Open issues

CVE-2023-44446fixedfixedfixedvulnerablefixedMXF demuxer use-after-free
CVE-2023-44429fixedfixedfixedvulnerablefixedAV1 codec parser buffer overflow
CVE-2023-40476fixedfixedfixedvulnerablefixedInteger overflow in H.265 video parser leading to stack overwrite
CVE-2023-40475fixedfixedfixedvulnerablefixedInteger overflow leading to heap overwrite in MXF file handling with AES3 audio
CVE-2023-40474fixedfixedfixedvulnerablefixedInteger overflow leading to heap overwrite in MXF file handling with uncompressed video

Resolved issues

TEMP-0000000-C6AAE1Catch overflows in AVC/HEVC NAL unit length calculations
CVE-2023-37329Heap overwrite in PGS subtitle overlay decoder
CVE-2021-3185A flaw was found in the gstreamer h264 component of gst-plugins-bad be ...
CVE-2017-5848The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in ...
CVE-2017-5843Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unr ...
CVE-2016-9813The _parse_pat function in the mpegts parser in GStreamer before 1.10. ...
CVE-2016-9812The gst_mpegts_section_new function in the mpegts decoder in GStreamer ...
CVE-2016-9809Off-by-one error in the gst_h264_parse_set_caps function in GStreamer ...
CVE-2016-9446The vmnc decoder in the gstreamer does not initialize the render canva ...
CVE-2016-9445Integer overflow in the vmnc decoder in the gstreamer allows remote at ...

Security announcements

DSA / DLADescription
DLA-3673-1gst-plugins-bad1.0 - security update
DSA-5565-1gst-plugins-bad1.0 - security update
DLA-3633-1gst-plugins-bad1.0 - security update
DSA-5533-1gst-plugins-bad1.0 - security update
DLA-3503-1gst-plugins-bad1.0 - security update
DSA-5444-1gst-plugins-bad1.0 - security update
DLA-2642-1gst-plugins-bad1.0 - security update
DSA-4902-1gst-plugins-bad1.0 - security update
DSA-4833-2gst-plugins-bad1.0 - regression update
DLA-2528-1gst-plugins-bad1.0 - security update
DSA-4833-1gst-plugins-bad1.0 - security update
DSA-3818-1gst-plugins-bad1.0 - security update
DSA-3717-1gst-plugins-bad1.0 - security update

Search for package or bug name: Reporting problems