CVE Daily

CVE-2025-47183

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may...

Medium CVSS 6.6

Overview

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.

CWE: CWE-125 Published: 2025-08-07T20:15:27.507
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.6 (MEDIUM)
  • Detected tags: info_leak (tag impact: LOW)

Recommended actions:

  • Reduce verbose errors, remove debug endpoints, minimize PII in logs.

Recommended tools

Tags