Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Fedora 41: FEDORA-2025-802ec573e7 critical: gstreamer buffer overflow

fedora
Calendar Grey June 8, 2025
Dist Fedora Esm H88
Correction for the GStreamer H265 Codec parsing vulnerability, posing risks of remote code execution, has been implemented in Fedora 41. Ensure you update promptly for improved security.
Backport fix for CVE-2025-3887.

Summary

GStreamer is a streaming media framework, based on graphs of elements which

operate on media data.

This package contains plug-ins that aren't tested

well enough, or the code is not of good enough quality.

Update Information:

Backport fix for CVE-2025-3887.

Change Log

* Fri May 30 2025 Sandro Mani - 1.24.10-3 - Backport patch for CVE-2025-3887 * Fri May 30 2025 Sandro Mani - 1.24.10-2 - Backport fix for CVE-2025-3887

References


[ 1 ] Bug #2367931 - CVE-2025-3887 mingw-gstreamer1: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2367931 [ 2 ] Bug #2367933 - CVE-2025-3887 mingw-gstreamer1: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2367933

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-802ec573e7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: mingw-gstreamer1-plugins-bad-free
Product: Fedora 41
Version: 1.24.10
Release: 3.fc41
Summary: Cross compiled GStreamer1 plug-ins "bad"

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here