Several security issues were fixed in GStreamer Bad Plugins.
Software Description:
- gst-plugins-bad1.0: GStreamer plugins
Details:
It was discovered that the AV1 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS. (CVE-2023-50186, CVE-2024-0444)
It was discovered that the H265 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-3887)
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 gstreamer1.0-plugins-bad 1.26.0-1ubuntu2.1 libgstreamer-plugins-bad1.0-0 1.26.0-1ubuntu2.1 Ubuntu 24.10 gstreamer1.0-plugins-bad 1.24.8-2ubuntu1.1 libgstreamer-plugins-bad1.0-0 1.24.8-2ubuntu1.1 Ubuntu 24.04 LTS gstreamer1.0-plugins-bad 1.24.2-1ubuntu4+esm1 Available with Ubuntu Pro libgstreamer-plugins-bad1.0-0 1.24.2-1ubuntu4+esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS gstreamer1.0-plugins-bad 1.20.3-0ubuntu1.1+esm2 Available with Ubuntu Pro libgstreamer-plugins-bad1.0-0 1.20.3-0ubuntu1.1+esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS gstreamer1.0-plugins-bad 1.16.3-0ubuntu1.1+esm1 Available with Ubuntu Pro libgstreamer-plugins-bad1.0-0 1.16.3-0ubuntu1.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7558-1
CVE-2023-50186, CVE-2024-0444, CVE-2025-3887
Get the latest Linux and open source security news straight to your inbox.