Vulnerability-Lookup

CVE-2026-46469 (GCVE-0-2026-46469)

Vulnerability from cvelistv5 – Published: 2026-05-14 17:38 – Updated: 2026-05-14 18:42

Summary

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.

Severity

4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-369 - Divide By Zero

Assigner

mitre

References

2 references

URL	Tags
https://gstreamer.freedesktop.org/security/sa-202…
https://gitlab.freedesktop.org/gstreamer/gstreame…

Impacted products

1 product

Vendor	Product	Version
GStreamer	Good Plug-ins	Affected: 0 , < 1.28.2 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-46469",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T18:42:50.868268Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T18:42:56.086Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Good Plug-ins",
          "vendor": "GStreamer",
          "versions": [
            {
              "lessThan": "1.28.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:gstreamer:good_plug-ins:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.28.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin\u0027s qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369 Divide By Zero",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T18:04:43.917Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gstreamer.freedesktop.org/security/sa-2026-0018.html"
        },
        {
          "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-46469",
    "datePublished": "2026-05-14T17:38:44.049Z",
    "dateReserved": "2026-05-14T17:38:43.160Z",
    "dateUpdated": "2026-05-14T18:42:56.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-46469",
      "date": "2026-06-13",
      "epss": "0.00014",
      "percentile": "0.02846"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-46469\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2026-05-14T18:16:50.653\",\"lastModified\":\"2026-05-19T15:15:50.360\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin\u0027s qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.5,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-369\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freedesktop:gst-plugins-good:*:*:*:*:*:gstreamer:*:*\",\"versionEndExcluding\":\"1.28.2\",\"matchCriteriaId\":\"05871681-905F-4145-A3FC-EABC633C66D0\"}]}]}],\"references\":[{\"url\":\"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://gstreamer.freedesktop.org/security/sa-2026-0018.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-46469\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-14T18:42:50.868268Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-14T18:42:53.382Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"GStreamer\", \"product\": \"Good Plug-ins\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.28.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://gstreamer.freedesktop.org/security/sa-2026-0018.html\"}, {\"url\": \"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch\"}], \"x_generator\": {\"engine\": \"CVE-Request-form 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin\u0027s qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-369\", \"description\": \"CWE-369 Divide By Zero\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:gstreamer:good_plug-ins:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"1.28.2\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2026-05-14T18:04:43.917Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-46469\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-14T18:42:56.086Z\", \"dateReserved\": \"2026-05-14T17:38:43.160Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2026-05-14T17:38:44.049Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-46469

Vulnerability from fkie_nvd - Published: 2026-05-14 18:16 - Updated: 2026-05-19 15:15

Severity

4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	cve@mitre.org	https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch	Patch
	cve@mitre.org	https://gstreamer.freedesktop.org/security/sa-2026-0018.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	freedesktop	gst-plugins-good	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:gst-plugins-good:*:*:*:*:*:gstreamer:*:*",
              "matchCriteriaId": "05871681-905F-4145-A3FC-EABC633C66D0",
              "versionEndExcluding": "1.28.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin\u0027s qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero."
    }
  ],
  "id": "CVE-2026-46469",
  "lastModified": "2026-05-19T15:15:50.360",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 1.4,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-05-14T18:16:50.653",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gstreamer.freedesktop.org/security/sa-2026-0018.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-369"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Primary"
    }
  ]
}

GHSA-F2C5-5798-QFVG

Vulnerability from github – Published: 2026-05-14 18:32 – Updated: 2026-05-14 18:32

Details

Severity

4.0 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-46469"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-14T18:16:50Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin\u0027s qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.",
  "id": "GHSA-f2c5-5798-qfvg",
  "modified": "2026-05-14T18:32:57Z",
  "published": "2026-05-14T18:32:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46469"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch"
    },
    {
      "type": "WEB",
      "url": "https://gstreamer.freedesktop.org/security/sa-2026-0018.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2026-1478

Vulnerability from csaf_certbund - Published: 2026-05-11 22:00 - Updated: 2026-06-11 22:00

Summary

GStreamer: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: GStreamer ist ein Multimedia-Framework mit einer Plugin-basierten Architektur für eine Vielzahl von Plattformen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GStreamer ausnutzen, um Informationen offenzulegen, um einen Denial-of-Service-Angriff durchzuführen, um Daten zu beschädigen oder beliebigen Code auszuführen.

Betroffene Betriebssysteme: - Android - iPhoneOS - Linux - MacOS X - UNIX - Windows

CVE-2026-46469

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source GStreamer gst-plugins-good <1.28.3 Open Source / GStreamer		gst-plugins-good <1.28.3
Open Source GStreamer core <1.28.3 Open Source / GStreamer		core <1.28.3
Open Source GStreamer gst-plugins-bad <1.28.3 Open Source / GStreamer		gst-plugins-bad <1.28.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-46470

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source GStreamer gst-plugins-good <1.28.3 Open Source / GStreamer		gst-plugins-good <1.28.3
Open Source GStreamer core <1.28.3 Open Source / GStreamer		core <1.28.3
Open Source GStreamer gst-plugins-bad <1.28.3 Open Source / GStreamer		gst-plugins-bad <1.28.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-53701

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source GStreamer gst-plugins-good <1.28.3 Open Source / GStreamer		gst-plugins-good <1.28.3
Open Source GStreamer core <1.28.3 Open Source / GStreamer		core <1.28.3
Open Source GStreamer gst-plugins-bad <1.28.3 Open Source / GStreamer		gst-plugins-bad <1.28.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-53702

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source GStreamer gst-plugins-good <1.28.3 Open Source / GStreamer		gst-plugins-good <1.28.3
Open Source GStreamer core <1.28.3 Open Source / GStreamer		core <1.28.3
Open Source GStreamer gst-plugins-bad <1.28.3 Open Source / GStreamer		gst-plugins-bad <1.28.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

References

11 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://gstreamer.freedesktop.org/security/sa-202…	external
https://gstreamer.freedesktop.org/security/sa-202…	external
https://gstreamer.freedesktop.org/security/sa-202…	external
https://gstreamer.freedesktop.org/security/sa-202…	external
https://gstreamer.freedesktop.org/security/sa-202…	external
https://gstreamer.freedesktop.org/security/sa-202…	external
https://ubuntu.com/security/notices/USN-8317-1	external
https://lists.debian.org/debian-security-announce…	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3328.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "GStreamer ist ein Multimedia-Framework mit einer Plugin-basierten Architektur f\u00fcr eine Vielzahl von Plattformen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GStreamer ausnutzen, um Informationen offenzulegen, um einen Denial-of-Service-Angriff durchzuf\u00fchren, um Daten zu besch\u00e4digen oder beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Android\n- iPhoneOS\n- Linux\n- MacOS X\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1478 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1478.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1478 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1478"
      },
      {
        "category": "external",
        "summary": "GStreamer Security Advisory vom 2026-05-11",
        "url": "https://gstreamer.freedesktop.org/security/sa-2026-0024.html"
      },
      {
        "category": "external",
        "summary": "GStreamer Security Advisory vom 2026-05-11",
        "url": "https://gstreamer.freedesktop.org/security/sa-2026-0025.html"
      },
      {
        "category": "external",
        "summary": "GStreamer Security Advisory vom 2026-05-11",
        "url": "https://gstreamer.freedesktop.org/security/sa-2026-0026.html"
      },
      {
        "category": "external",
        "summary": "GStreamer Security Advisory vom 2026-05-11",
        "url": "https://gstreamer.freedesktop.org/security/sa-2026-0027.html"
      },
      {
        "category": "external",
        "summary": "GStreamer Security Advisory vom 2026-05-11",
        "url": "https://gstreamer.freedesktop.org/security/sa-2026-0028.html"
      },
      {
        "category": "external",
        "summary": "GStreamer Security Advisory vom 2026-05-11",
        "url": "https://gstreamer.freedesktop.org/security/sa-2026-0029.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8317-1 vom 2026-05-27",
        "url": "https://ubuntu.com/security/notices/USN-8317-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6318 vom 2026-06-01",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00229.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3328 vom 2026-06-09",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3328.html"
      }
    ],
    "source_lang": "en-US",
    "title": "GStreamer: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-11T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-12T04:50:57.764+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1478",
      "initial_release_date": "2026-05-11T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-11T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-14T22:00:00.000+00:00",
          "number": "2",
          "summary": "CVE-Nummern erg\u00e4nzt"
        },
        {
          "date": "2026-05-27T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-06-01T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2026-06-08T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2026-06-11T22:00:00.000+00:00",
          "number": "6",
          "summary": "CVE-2026-53701, CVE-2026-53702 erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "core \u003c1.28.3",
                "product": {
                  "name": "Open Source GStreamer core \u003c1.28.3",
                  "product_id": "T053833"
                }
              },
              {
                "category": "product_version",
                "name": "core 1.28.3",
                "product": {
                  "name": "Open Source GStreamer core 1.28.3",
                  "product_id": "T053833-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:gstreamer:1.28.3::core"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "gst-plugins-bad \u003c1.28.3",
                "product": {
                  "name": "Open Source GStreamer gst-plugins-bad \u003c1.28.3",
                  "product_id": "T053834"
                }
              },
              {
                "category": "product_version",
                "name": "gst-plugins-bad 1.28.3",
                "product": {
                  "name": "Open Source GStreamer gst-plugins-bad 1.28.3",
                  "product_id": "T053834-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:gstreamer:1.28.3::gst-plugins-bad"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "gst-plugins-good \u003c1.28.3",
                "product": {
                  "name": "Open Source GStreamer gst-plugins-good \u003c1.28.3",
                  "product_id": "T053835"
                }
              },
              {
                "category": "product_version",
                "name": "gst-plugins-good 1.28.3",
                "product": {
                  "name": "Open Source GStreamer gst-plugins-good 1.28.3",
                  "product_id": "T053835-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:gstreamer:1.28.3::gst-plugins-good"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GStreamer"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-46469",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T053835",
          "T053833",
          "T053834",
          "398363"
        ]
      },
      "release_date": "2026-05-11T22:00:00.000+00:00",
      "title": "CVE-2026-46469"
    },
    {
      "cve": "CVE-2026-46470",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T053835",
          "T053833",
          "T053834",
          "398363"
        ]
      },
      "release_date": "2026-05-11T22:00:00.000+00:00",
      "title": "CVE-2026-46470"
    },
    {
      "cve": "CVE-2026-53701",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T053835",
          "T053833",
          "T053834",
          "398363"
        ]
      },
      "release_date": "2026-05-11T22:00:00.000+00:00",
      "title": "CVE-2026-53701"
    },
    {
      "cve": "CVE-2026-53702",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T053835",
          "T053833",
          "T053834",
          "398363"
        ]
      },
      "release_date": "2026-05-11T22:00:00.000+00:00",
      "title": "CVE-2026-53702"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-46469 (GCVE-0-2026-46469)

FKIE_CVE-2026-46469

GHSA-F2C5-5798-QFVG

WID-SEC-W-2026-1478

Tags

Sightings

Nomenclature