Fedora 41: FEDORA-2025-2a36564bd2 critical: gstreamer buffer overflow

May 31, 2025
A critical stack-based buffer overflow in the GStreamer H265 codec parser on Fedora 41 poses a remote code execution risk. Follow the update instructions below to secure your system against potential exploits.

Summary

GStreamer is a streaming media framework, based on graphs of elements which operate on media data.

This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality.

Update Information:

backport fix for CVE-2025-3887 (resolves rhbz#2367919)

Change Log

* Thu May 22 2025 Dominik Mierzejewski - 1.24.11-2 - backport fix for CVE-2025-3887 (resolves rhbz#2367919)

References


[1] Bug #2367919 - CVE-2025-3887 GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=2367919

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-2a36564bd2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: gstreamer1-plugins-bad-free
Product: Fedora 41
Version: 1.24.11
Release: 2.fc41
Summary: GStreamer streaming media framework "bad" plugins
