GStreamer gst-plugins-good MP4 Audio Track Parsing Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in GStreamer gst-plugins-good versions prior to 1.28.2. The issue is in the isomp4 plugin's qtdemux_parse_trak function, which does not properly validate atom data when parsing MP4 audio tracks. Without that validation, a zero value can be used as a divisor, producing an integer division by zero that crashes the application.

Impact

Exploitation of this vulnerability crashes the application. The out-of-bounds reads could potentially allow information disclosure.

Remediation

Users can upgrade to GStreamer gst-plugins-good version 1.28.2 or apply the available patch and recompile.
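
One way to check a host against the fixed version named above, as an added example that is not part of the original advisory or of the GStreamer project's code. It assumes the Version field that `gst-inspect-1.0 isomp4` prints under Plugin Details; the function names, the sample output and the 1.26.4 version in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag isomp4 plugin builds older than the fixed release.
FIXED_VERSION="1.28.2"   # fixed gst-plugins-good version, from the advisory

# Constructed sample of `gst-inspect-1.0 isomp4` output (not from a real host).
SAMPLE_OUTPUT='Plugin Details:
  Name                     isomp4
  Version                  1.26.4
  Source module            gst-plugins-good'

# Read gst-inspect output on stdin and print the plugin's Version field.
plugin_version() {
    awk '$1 == "Version" { print $2; exit }'
}

# Succeed (return 0) only when dotted version $1 is lower than $2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        # Drop the component just read; an exhausted side compares as 0.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # Keep leading digits only, so a suffix such as "2-rc1" compares as 2.
        x=${x%%[!0-9]*} y=${y%%[!0-9]*}
        x=${x:-0} y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Classify gst-inspect output on stdin as VULNERABLE, OK or UNKNOWN.
classify() {
    v=$(plugin_version)
    if [ -z "$v" ]; then
        echo "UNKNOWN"            # plugin missing or output not recognised
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE $v"
    else
        echo "OK $v"
    fi
}

# On a real host: gst-inspect-1.0 isomp4 | classify
printf '%s\n' "$SAMPLE_OUTPUT" | classify
```

A build of an older release with the patch applied and recompiled still reports its old version number, so a VULNERABLE result on such a host has to be confirmed against the package changelog or build record.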

Added: May 14, 2026, 6:21 PM
Updated: May 14, 2026, 6:21 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 8.3
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.