| Release | Version |
|---|---|
| bullseye | 1.18.4-3+deb11u4 |
| bullseye (security) | 1.18.4-3+deb11u5 |
| bookworm | 1.22.0-4+deb12u6 |
| trixie | 1.26.2-3 |
| forky | 1.28.1-2 |
| sid | 1.28.1-2 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-3086 | fixed | fixed | vulnerable | fixed | fixed | GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution ... |
| CVE-2026-3084 | fixed | fixed | vulnerable | fixed | fixed | GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution V ... |
| CVE-2026-3082 | vulnerable | vulnerable | vulnerable | fixed | fixed | GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution ... |
| CVE-2026-3081 | fixed | fixed | vulnerable | fixed | fixed | GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code E ... |
| CVE-2026-2923 | vulnerable | vulnerable | vulnerable | fixed | fixed | GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vuln ... |
| CVE-2026-1940 | vulnerable | vulnerable | vulnerable | fixed | fixed |
| Bug | Description |
|---|---|
| TEMP-0000000-C6AAE1 | Catch overflows in AVC/HEVC NAL unit length calculations |
| CVE-2025-6663 | GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code E ... |
| CVE-2025-3887 | GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code E ... |
| CVE-2024-0444 | GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Ex ... |
| CVE-2023-50186 | GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Ex ... |
| CVE-2023-44446 | GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulner ... |
| CVE-2023-44429 | GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Exe ... |
| CVE-2023-40476 | GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Executi ... |
| CVE-2023-40475 | GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vuln ... |
| CVE-2023-40474 | GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vuln ... |
| CVE-2023-37329 | GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Exec ... |
| CVE-2021-3185 | A flaw was found in the gstreamer h264 component of gst-plugins-bad be ... |
| CVE-2017-5848 | The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in ... |
| CVE-2017-5843 | Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unr ... |
| CVE-2016-9813 | The _parse_pat function in the mpegts parser in GStreamer before 1.10. ... |
| CVE-2016-9812 | The gst_mpegts_section_new function in the mpegts decoder in GStreamer ... |
| CVE-2016-9809 | Off-by-one error in the gst_h264_parse_set_caps function in GStreamer ... |
| CVE-2016-9446 | The vmnc decoder in the gstreamer does not initialize the render canva ... |
| CVE-2016-9445 | Integer overflow in the vmnc decoder in the gstreamer allows remote at ... |
| DSA / DLA | Description |
|---|---|
| DLA-4219-1 | gst-plugins-bad1.0 - security update |
| DSA-5941-1 | gst-plugins-bad1.0 - security update |
| DSA-5608-1 | gst-plugins-bad1.0 - security update |
| DSA-5583-1 | gst-plugins-bad1.0 - security update |
| DLA-3673-1 | gst-plugins-bad1.0 - security update |
| DSA-5565-1 | gst-plugins-bad1.0 - security update |
| DLA-3633-1 | gst-plugins-bad1.0 - security update |
| DSA-5533-1 | gst-plugins-bad1.0 - security update |
| DLA-3503-1 | gst-plugins-bad1.0 - security update |
| DSA-5444-1 | gst-plugins-bad1.0 - security update |
| DLA-2642-1 | gst-plugins-bad1.0 - security update |
| DSA-4902-1 | gst-plugins-bad1.0 - security update |
| DSA-4833-2 | gst-plugins-bad1.0 - regression update |
| DLA-2528-1 | gst-plugins-bad1.0 - security update |
| DSA-4833-1 | gst-plugins-bad1.0 - security update |
| DSA-3818-1 | gst-plugins-bad1.0 - security update |
| DSA-3717-1 | gst-plugins-bad1.0 - security update |