Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-47183

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.

Published

2025-08-07T20:15:27.507

Last Modified

2025-08-12T16:40:56.193

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.6 (MEDIUM)

Weaknesses

Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gstreamer_project	gstreamer	< 1.26.2	Yes

References

https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md Exploit, Third Party Advisory ([email protected])
https://gstreamer.freedesktop.org/security/ Vendor Advisory ([email protected])
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md Exploit, Third Party Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)