GStreamer Plugins Good MP4 Audio Track Parsing Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in GStreamer gst-plugins-good versions prior to 1.28.2. The issue is in the isomp4 plugin's qtdemux_audio_caps function, which does not properly validate atom data when parsing MP4 audio tracks. As a result, a division can be performed with a zero divisor, and the resulting integer division by zero crashes the process.

Impact

Exploitation of this vulnerability leads to a crash of the application, causing a denial-of-service condition. Additionally, the out-of-bounds memory accesses could potentially allow for information disclosure.

Remediation

Users can upgrade to GStreamer gst-plugins-good version 1.28.2 to address this vulnerability. Instructions for downloading this version are available on the GStreamer website.
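
One way to check a host against the fixed release named above, as an added example (not from the advisory or the GStreamer project). It assumes `gst-inspect-1.0 isomp4` is installed and prints a `Version` line as in the constructed sample; the function names are hypothetical.

```shell
#!/bin/sh
FIXED_VERSION="1.28.2"   # fixed release named in the advisory

# Pull the "Version" field out of `gst-inspect-1.0 isomp4` output (stdin).
plugin_version() {
    awk '$1 == "Version" { print $2; exit }'
}

# version_ge A B: 0 if A >= B, 1 if A < B, 2 if A is not dotted-numeric.
# Fields are compared as integers, so 1.28.10 sorts above 1.28.2.
version_ge() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# Map a plugin version to patched / vulnerable / unknown.
classify() {
    rc=0
    version_ge "$1" "$FIXED_VERSION" || rc=$?
    case $rc in
        0) echo "patched" ;;
        1) echo "vulnerable" ;;
        *) echo "unknown" ;;   # empty or unparseable version string
    esac
}

# Constructed sample of `gst-inspect-1.0 isomp4` output (not from a real host).
sample_output() {
cat <<'EOF'
Plugin Details:
  Name                     isomp4
  Filename                 /usr/lib/gstreamer-1.0/libgstisomp4.so
  Version                  1.26.10
  Source module            gst-plugins-good
EOF
}

# On a real host, replace sample_output with: gst-inspect-1.0 isomp4
v=$(sample_output | plugin_version)
echo "isomp4 $v: $(classify "$v")"
```

A distribution package may carry a backported fix under an older version number, so treat a "vulnerable" result as a prompt to check the vendor's own advisory for that package.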

Added: May 14, 2026, 6:21 PM
Updated: May 14, 2026, 6:21 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 8.3
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.