Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-47219

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.

Published

2025-08-07T20:15:27.627

Last Modified

2025-08-12T16:40:49.217

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gstreamer_project	gstreamer	< 1.26.2	Yes

References

https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md Exploit, Third Party Advisory ([email protected])
https://gstreamer.freedesktop.org/security/ Vendor Advisory ([email protected])