High
CVSS 8.1
Overview
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
CVE-2025-47219
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may...
Risk analysis
This vulnerability is rated 🟠 HIGH.
- CVSS: 8.1 (HIGH)
- Detected tags: info_leak (tag impact: LOW)
Recommended actions:
- Reduce verbose errors, remove debug endpoints, minimize PII in logs.