Debian 11: gst-plugins-good Critical Info Disclosure Advisory DLA-4419-1
debian lts
December 25, 2025
Multiple vulnerabilities were found in the plugins for the GStreamer media framework leading to information disclosure
Topics Covered
Summary
CVE-2025-47183
In GStreamer, the isomp4 plugin's qtdemux_parse_tree function may
read past the end of a heap buffer while parsing an MP4 file,
leading to information disclosure.
CVE-2025-47219
In GStreamer, the isomp4 plugin's qtdemux_parse_trak function may
read past the end of a heap buffer while parsing an MP4 file,
possibly leading to information disclosure.
For Debian 11 bullseye, these problems have been fixed in version
1.18.4-2+deb11u4.
We recommend that you upgrade your gst-plugins-good1.0 packages.
For the detailed security status of gst-plugins-good1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/gst-plugins-good1.0
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: gst-plugins-good1.0
Version: 1.18.4-2+deb11u4
CVE ID: CVE-2025-47183 CVE-2025-47219
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!