{"url":"http://public2.vulnerablecode.io/api/packages/5747?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%2Bdeb9u1","type":"deb","namespace":"debian","name":"gst-plugins-base1.0","version":"1.10.4-1+deb9u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.22.0-3+deb12u6","latest_non_vulnerable_version":"1.22.0-3+deb12u6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71902?format=json","vulnerability_id":"VCID-14kb-4vsb-8ubv","summary":"GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.  The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20994.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37328.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37328.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37328","reference_id":"","reference_type":"","scores":[{"value":"0.07706","scoring_system":"epss","scoring_elements":"0.92088","published_at":"2026-06-09T12:55:00Z"},{"value":"0.07706","scoring_system":"epss","scoring_elements":"0.92077","published_at":"2026-06-05T12:55:00Z"},{"value":"0.07706","scoring_system":"epss","scoring_elements":"0.92074","published_at":"2026-06-06T12:55:00Z"},{"value":"0.07706","scoring_system":"epss","scoring_elements":"0.92072","published_at":"2026-06-07T12:55:00Z"},{"value":"0.07706","scoring_system":"epss","scoring_elements":"0.92073","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37328"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254540","reference_id":"2254540","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254540"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2302","reference_id":"RHSA-2024:2302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3088","reference_id":"RHSA-2024:3088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3088"},{"reference_url":"https://gstreamer.freedesktop.org/security/sa-2023-0003.html","reference_id":"sa-2023-0003.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-06T18:26:04Z/"}],"url":"https://gstreamer.freedesktop.org/security/sa-2023-0003.html"},{"reference_url":"https://usn.ubuntu.com/6268-1/","reference_id":"USN-6268-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6268-1/"},{"reference_url":"https://usn.ubuntu.com/7807-1/","reference_id":"USN-7807-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7807-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-23-901/","reference_id":"ZDI-23-901","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-06T18:26:04Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-901/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/694584?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.18.4-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.18.4-2%252Bdeb11u2"}],"aliases":["CVE-2023-37328"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14kb-4vsb-8ubv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71904?format=json","vulnerability_id":"VCID-2cvy-2aq6-cqgz","summary":"GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47538.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47538.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47538","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33848","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33877","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33891","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33857","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33823","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47538"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331727","reference_id":"2331727","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331727"},{"reference_url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch","reference_id":"8035.patch","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:36:36Z/"}],"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/","reference_id":"GHSL-2024-115_GHSL-2024-118_Gstreamer","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:36:36Z/"}],"url":"https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"},{"reference_url":"https://security.gentoo.org/glsa/202506-02","reference_id":"GLSA-202506-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11117","reference_id":"RHSA-2024:11117","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11117"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11118","reference_id":"RHSA-2024:11118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11120","reference_id":"RHSA-2024:11120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11123","reference_id":"RHSA-2024:11123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11130","reference_id":"RHSA-2024:11130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11141","reference_id":"RHSA-2024:11141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11142","reference_id":"RHSA-2024:11142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11143","reference_id":"RHSA-2024:11143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11344","reference_id":"RHSA-2024:11344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11345","reference_id":"RHSA-2024:11345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11345"},{"reference_url":"https://gstreamer.freedesktop.org/security/sa-2024-0022.html","reference_id":"sa-2024-0022.html","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:36:36Z/"}],"url":"https://gstreamer.freedesktop.org/security/sa-2024-0022.html"},{"reference_url":"https://usn.ubuntu.com/7175-1/","reference_id":"USN-7175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7175-1/"},{"reference_url":"https://usn.ubuntu.com/7807-1/","reference_id":"USN-7807-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7807-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/708162?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%252Bdeb12u6"}],"aliases":["CVE-2024-47538"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2cvy-2aq6-cqgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71903?format=json","vulnerability_id":"VCID-bxb4-g1x3-fqea","summary":"GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.  The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-23896.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4453.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4453.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4453","reference_id":"","reference_type":"","scores":[{"value":"0.03337","scoring_system":"epss","scoring_elements":"0.87549","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03337","scoring_system":"epss","scoring_elements":"0.87542","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03337","scoring_system":"epss","scoring_elements":"0.8754","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03337","scoring_system":"epss","scoring_elements":"0.87539","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03337","scoring_system":"epss","scoring_elements":"0.87538","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4453"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2282999","reference_id":"2282999","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2282999"},{"reference_url":"https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5","reference_id":"e68eccff103ab0e91e6d77a892f57131b33902f5","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-23T15:47:50Z/"}],"url":"https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-23T15:47:50Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00019.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9056","reference_id":"RHSA-2024:9056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18416","reference_id":"RHSA-2025:18416","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18416"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7178","reference_id":"RHSA-2025:7178","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7178"},{"reference_url":"https://usn.ubuntu.com/6798-1/","reference_id":"USN-6798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6798-1/"},{"reference_url":"https://usn.ubuntu.com/7807-1/","reference_id":"USN-7807-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7807-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-24-467/","reference_id":"ZDI-24-467","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-23T15:47:50Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-24-467/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/694584?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.18.4-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.18.4-2%252Bdeb11u2"}],"aliases":["CVE-2024-4453"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxb4-g1x3-fqea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71906?format=json","vulnerability_id":"VCID-e4af-8dzz-xfg9","summary":"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47542.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47542.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47542","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43699","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43737","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43746","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43723","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43689","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47542"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331717","reference_id":"2331717","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331717"},{"reference_url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033.patch","reference_id":"8033.patch","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:30:59Z/"}],"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033.patch"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2024-235_Gstreamer/","reference_id":"GHSL-2024-235_Gstreamer","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:30:59Z/"}],"url":"https://securitylab.github.com/advisories/GHSL-2024-235_Gstreamer/"},{"reference_url":"https://security.gentoo.org/glsa/202506-02","reference_id":"GLSA-202506-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7243","reference_id":"RHSA-2025:7243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7243"},{"reference_url":"https://gstreamer.freedesktop.org/security/sa-2024-0008.html","reference_id":"sa-2024-0008.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:30:59Z/"}],"url":"https://gstreamer.freedesktop.org/security/sa-2024-0008.html"},{"reference_url":"https://usn.ubuntu.com/7175-1/","reference_id":"USN-7175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7175-1/"},{"reference_url":"https://usn.ubuntu.com/7807-1/","reference_id":"USN-7807-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7807-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/708162?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%252Bdeb12u6"}],"aliases":["CVE-2024-47542"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4af-8dzz-xfg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71913?format=json","vulnerability_id":"VCID-ewp5-zkax-4far","summary":"In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47808.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47808.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47808","reference_id":"","reference_type":"","scores":[{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63946","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63942","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63949","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63938","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63927","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47808"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2387146","reference_id":"2387146","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2387146"},{"reference_url":"https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md","reference_id":"ATREDIS-2025-0003.md","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-07T19:49:18Z/"}],"url":"https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md"},{"reference_url":"https://gstreamer.freedesktop.org/security/","reference_id":"security","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-07T19:49:18Z/"}],"url":"https://gstreamer.freedesktop.org/security/"},{"reference_url":"https://usn.ubuntu.com/7716-1/","reference_id":"USN-7716-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7716-1/"},{"reference_url":"https://usn.ubuntu.com/7827-1/","reference_id":"USN-7827-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7827-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/708162?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%252Bdeb12u6"}],"aliases":["CVE-2025-47808"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewp5-zkax-4far"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64906?format=json","vulnerability_id":"VCID-fwv6-ss7p-t3fq","summary":"GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2921.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2921.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2921","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12644","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12731","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12734","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12695","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12614","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2921"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447496","reference_id":"2447496","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447496"},{"reference_url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e3a99c35266fc92dd6a18ac5fde028d0cda559e6","reference_id":"e3a99c35266fc92dd6a18ac5fde028d0cda559e6","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-16T15:26:01Z/"}],"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e3a99c35266fc92dd6a18ac5fde028d0cda559e6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19024","reference_id":"RHSA-2026:19024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19180","reference_id":"RHSA-2026:19180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19180"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6259","reference_id":"RHSA-2026:6259","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6259"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6300","reference_id":"RHSA-2026:6300","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6300"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6750","reference_id":"RHSA-2026:6750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6750"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7673","reference_id":"RHSA-2026:7673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7850","reference_id":"RHSA-2026:7850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8854","reference_id":"RHSA-2026:8854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8857","reference_id":"RHSA-2026:8857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8862","reference_id":"RHSA-2026:8862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8874","reference_id":"RHSA-2026:8874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8876","reference_id":"RHSA-2026:8876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9446","reference_id":"RHSA-2026:9446","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9446"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9447","reference_id":"RHSA-2026:9447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9487","reference_id":"RHSA-2026:9487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9488","reference_id":"RHSA-2026:9488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9488"},{"reference_url":"https://usn.ubuntu.com/8130-1/","reference_id":"USN-8130-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8130-1/"},{"reference_url":"https://usn.ubuntu.com/8130-2/","reference_id":"USN-8130-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8130-2/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-26-168/","reference_id":"ZDI-26-168","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-16T15:26:01Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-168/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/708162?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%252Bdeb12u6"}],"aliases":["CVE-2026-2921"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwv6-ss7p-t3fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71909?format=json","vulnerability_id":"VCID-hv7t-32rs-vqds","summary":"GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47615.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47615.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47615","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29553","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29643","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29604","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29572","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29539","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47615"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331740","reference_id":"2331740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331740"},{"reference_url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch","reference_id":"8038.patch","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:18:36Z/"}],"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/","reference_id":"GHSL-2024-115_GHSL-2024-118_Gstreamer","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:18:36Z/"}],"url":"https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"},{"reference_url":"https://security.gentoo.org/glsa/202506-02","reference_id":"GLSA-202506-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11117","reference_id":"RHSA-2024:11117","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11117"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11118","reference_id":"RHSA-2024:11118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11120","reference_id":"RHSA-2024:11120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11123","reference_id":"RHSA-2024:11123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11130","reference_id":"RHSA-2024:11130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11141","reference_id":"RHSA-2024:11141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11142","reference_id":"RHSA-2024:11142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11143","reference_id":"RHSA-2024:11143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11344","reference_id":"RHSA-2024:11344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11345","reference_id":"RHSA-2024:11345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11345"},{"reference_url":"https://gstreamer.freedesktop.org/security/sa-2024-0026.html","reference_id":"sa-2024-0026.html","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:18:36Z/"}],"url":"https://gstreamer.freedesktop.org/security/sa-2024-0026.html"},{"reference_url":"https://usn.ubuntu.com/7175-1/","reference_id":"USN-7175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7175-1/"},{"reference_url":"https://usn.ubuntu.com/7807-1/","reference_id":"USN-7807-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7807-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/708162?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%252Bdeb12u6"}],"aliases":["CVE-2024-47615"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hv7t-32rs-vqds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71911?format=json","vulnerability_id":"VCID-kcf6-m4ek-77gb","summary":"In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47806.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47806.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47806","reference_id":"","reference_type":"","scores":[{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.595","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59506","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.5951","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59501","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59482","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47806"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2387145","reference_id":"2387145","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2387145"},{"reference_url":"https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md","reference_id":"ATREDIS-2025-0003.md","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-08T15:45:02Z/"}],"url":"https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md"},{"reference_url":"https://gstreamer.freedesktop.org/security/","reference_id":"security","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-08T15:45:02Z/"}],"url":"https://gstreamer.freedesktop.org/security/"},{"reference_url":"https://usn.ubuntu.com/7716-1/","reference_id":"USN-7716-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7716-1/"},{"reference_url":"https://usn.ubuntu.com/7827-1/","reference_id":"USN-7827-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7827-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/708162?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%252Bdeb12u6"}],"aliases":["CVE-2025-47806"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcf6-m4ek-77gb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71908?format=json","vulnerability_id":"VCID-prn6-2uc7-wudw","summary":"GStreamer is a library for constructing graphs of media-handling components.  stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47607.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47607.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47607","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33848","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33877","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33891","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33857","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33823","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47607"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47607","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47607"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331754","reference_id":"2331754","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331754"},{"reference_url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch","reference_id":"8037.patch","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:22:43Z/"}],"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/","reference_id":"GHSL-2024-115_GHSL-2024-118_Gstreamer","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:22:43Z/"}],"url":"https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"},{"reference_url":"https://security.gentoo.org/glsa/202506-02","reference_id":"GLSA-202506-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11117","reference_id":"RHSA-2024:11117","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11117"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11118","reference_id":"RHSA-2024:11118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11120","reference_id":"RHSA-2024:11120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11123","reference_id":"RHSA-2024:11123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11130","reference_id":"RHSA-2024:11130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11141","reference_id":"RHSA-2024:11141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11142","reference_id":"RHSA-2024:11142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11143","reference_id":"RHSA-2024:11143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11344","reference_id":"RHSA-2024:11344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11345","reference_id":"RHSA-2024:11345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11345"},{"reference_url":"https://gstreamer.freedesktop.org/security/sa-2024-0024.html","reference_id":"sa-2024-0024.html","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:22:43Z/"}],"url":"https://gstreamer.freedesktop.org/security/sa-2024-0024.html"},{"reference_url":"https://usn.ubuntu.com/7175-1/","reference_id":"USN-7175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7175-1/"},{"reference_url":"https://usn.ubuntu.com/7807-1/","reference_id":"USN-7807-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7807-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/708162?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%252Bdeb12u6"}],"aliases":["CVE-2024-47607"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-prn6-2uc7-wudw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71912?format=json","vulnerability_id":"VCID-qctp-a1bu-tudp","summary":"In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47807.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47807","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26567","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26663","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26654","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26615","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2656","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47807"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2387143","reference_id":"2387143","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2387143"},{"reference_url":"https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md","reference_id":"ATREDIS-2025-0003.md","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T13:52:51Z/"}],"url":"https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md"},{"reference_url":"https://gstreamer.freedesktop.org/security/","reference_id":"security","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T13:52:51Z/"}],"url":"https://gstreamer.freedesktop.org/security/"},{"reference_url":"https://usn.ubuntu.com/7716-1/","reference_id":"USN-7716-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7716-1/"},{"reference_url":"https://usn.ubuntu.com/7827-1/","reference_id":"USN-7827-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7827-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/708162?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%252Bdeb12u6"}],"aliases":["CVE-2025-47807"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qctp-a1bu-tudp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71901?format=json","vulnerability_id":"VCID-rph9-1s8j-2fa7","summary":"GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3522.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3522.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3522","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31971","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31967","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32044","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32013","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31976","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31944","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954761","reference_id":"1954761","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:34:10Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954761"},{"reference_url":"https://security.gentoo.org/glsa/202208-31","reference_id":"GLSA-202208-31","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:34:10Z/"}],"url":"https://security.gentoo.org/glsa/202208-31"},{"reference_url":"https://usn.ubuntu.com/4959-1/","reference_id":"USN-4959-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4959-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516440?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.14.4-2%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.14.4-2%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/694584?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.18.4-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.18.4-2%252Bdeb11u2"}],"aliases":["CVE-2021-3522"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rph9-1s8j-2fa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71910?format=json","vulnerability_id":"VCID-st3r-5xwc-u7ez","summary":"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47835.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47835","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23426","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23538","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23522","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23476","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23421","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47835"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331742","reference_id":"2331742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331742"},{"reference_url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch","reference_id":"8039.patch","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T21:14:03Z/"}],"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/","reference_id":"GHSL-2024-263_Gstreamer","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T21:14:03Z/"}],"url":"https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/"},{"reference_url":"https://security.gentoo.org/glsa/202506-02","reference_id":"GLSA-202506-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7243","reference_id":"RHSA-2025:7243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7243"},{"reference_url":"https://gstreamer.freedesktop.org/security/sa-2024-0029.html","reference_id":"sa-2024-0029.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T21:14:03Z/"}],"url":"https://gstreamer.freedesktop.org/security/sa-2024-0029.html"},{"reference_url":"https://usn.ubuntu.com/7175-1/","reference_id":"USN-7175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7175-1/"},{"reference_url":"https://usn.ubuntu.com/7807-1/","reference_id":"USN-7807-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7807-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/708162?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%252Bdeb12u6"}],"aliases":["CVE-2024-47835"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-st3r-5xwc-u7ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71900?format=json","vulnerability_id":"VCID-td5g-1cuf-duf1","summary":"GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9928.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9928.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9928","reference_id":"","reference_type":"","scores":[{"value":"0.16747","scoring_system":"epss","scoring_elements":"0.95064","published_at":"2026-06-04T12:55:00Z"},{"value":"0.16747","scoring_system":"epss","scoring_elements":"0.95073","published_at":"2026-06-05T12:55:00Z"},{"value":"0.16747","scoring_system":"epss","scoring_elements":"0.95074","published_at":"2026-06-06T12:55:00Z"},{"value":"0.16747","scoring_system":"epss","scoring_elements":"0.95076","published_at":"2026-06-07T12:55:00Z"},{"value":"0.16747","scoring_system":"epss","scoring_elements":"0.95075","published_at":"2026-06-08T12:55:00Z"},{"value":"0.16747","scoring_system":"epss","scoring_elements":"0.9508","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9928"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1724904","reference_id":"1724904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1724904"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927978","reference_id":"927978","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927978"},{"reference_url":"https://security.gentoo.org/glsa/202003-33","reference_id":"GLSA-202003-33","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-33"},{"reference_url":"https://usn.ubuntu.com/3958-1/","reference_id":"USN-3958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516440?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.14.4-2%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.14.4-2%252Bdeb10u1"}],"aliases":["CVE-2019-9928"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-td5g-1cuf-duf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71907?format=json","vulnerability_id":"VCID-ujmz-6urw-fbcy","summary":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47600.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47600.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47600","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5959","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59598","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59601","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59592","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59573","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47600"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47600","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47600"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331738","reference_id":"2331738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331738"},{"reference_url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch","reference_id":"8034.patch","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:27:40Z/"}],"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/","reference_id":"GHSL-2024-248_Gstreamer","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:27:40Z/"}],"url":"https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/"},{"reference_url":"https://security.gentoo.org/glsa/202506-02","reference_id":"GLSA-202506-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7243","reference_id":"RHSA-2025:7243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7243"},{"reference_url":"https://gstreamer.freedesktop.org/security/sa-2024-0018.html","reference_id":"sa-2024-0018.html","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:27:40Z/"}],"url":"https://gstreamer.freedesktop.org/security/sa-2024-0018.html"},{"reference_url":"https://usn.ubuntu.com/7175-1/","reference_id":"USN-7175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7175-1/"},{"reference_url":"https://usn.ubuntu.com/7807-1/","reference_id":"USN-7807-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7807-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/708162?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%252Bdeb12u6"}],"aliases":["CVE-2024-47600"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujmz-6urw-fbcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71905?format=json","vulnerability_id":"VCID-wqve-sy8j-w7ht","summary":"GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket \"}\" appears before an opening curly bracket \"{\" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47541.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47541.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47541","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47577","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.4761","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47611","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47594","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47564","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47541"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331724","reference_id":"2331724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331724"},{"reference_url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036.patch","reference_id":"8036.patch","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:33:06Z/"}],"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036.patch"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2024-228_GStreamer/","reference_id":"GHSL-2024-228_GStreamer","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:33:06Z/"}],"url":"https://securitylab.github.com/advisories/GHSL-2024-228_GStreamer/"},{"reference_url":"https://security.gentoo.org/glsa/202506-02","reference_id":"GLSA-202506-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7243","reference_id":"RHSA-2025:7243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7243"},{"reference_url":"https://gstreamer.freedesktop.org/security/sa-2024-0023.html","reference_id":"sa-2024-0023.html","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T14:33:06Z/"}],"url":"https://gstreamer.freedesktop.org/security/sa-2024-0023.html"},{"reference_url":"https://usn.ubuntu.com/7175-1/","reference_id":"USN-7175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7175-1/"},{"reference_url":"https://usn.ubuntu.com/7807-1/","reference_id":"USN-7807-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7807-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/708162?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.22.0-3%252Bdeb12u6"}],"aliases":["CVE-2024-47541"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqve-sy8j-w7ht"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4602?format=json","vulnerability_id":"VCID-45c2-fjbs-8qb3","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5839.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5839.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5839","reference_id":"","reference_type":"","scores":[{"value":"0.04327","scoring_system":"epss","scoring_elements":"0.89112","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04327","scoring_system":"epss","scoring_elements":"0.89095","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04327","scoring_system":"epss","scoring_elements":"0.89128","published_at":"2026-06-09T12:55:00Z"},{"value":"0.04327","scoring_system":"epss","scoring_elements":"0.89111","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1419586","reference_id":"1419586","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1419586"},{"reference_url":"https://security.archlinux.org/ASA-201702-4","reference_id":"ASA-201702-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201702-4"},{"reference_url":"https://security.archlinux.org/AVG-164","reference_id":"AVG-164","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-164"},{"reference_url":"https://security.gentoo.org/glsa/201705-10","reference_id":"GLSA-201705-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2060","reference_id":"RHSA-2017:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2060"},{"reference_url":"https://usn.ubuntu.com/3244-1/","reference_id":"USN-3244-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3244-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4386?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.4.4-2%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-45c2-fjbs-8qb3"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-dfe5-a3hr-vfgj"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-ghrm-44zq-9ffh"},{"vulnerability":"VCID-gr2p-ynvt-gyca"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-td5g-1cuf-duf1"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-vva3-yeuq-dqb3"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.4.4-2%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5747?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-td5g-1cuf-duf1"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%252Bdeb9u1"}],"aliases":["CVE-2017-5839"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45c2-fjbs-8qb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71897?format=json","vulnerability_id":"VCID-dfe5-a3hr-vfgj","summary":"The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9811.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9811.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9811","reference_id":"","reference_type":"","scores":[{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54697","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54755","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54739","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54765","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54759","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1401918","reference_id":"1401918","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1401918"},{"reference_url":"https://security.gentoo.org/glsa/201705-10","reference_id":"GLSA-201705-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2060","reference_id":"RHSA-2017:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2060"},{"reference_url":"https://usn.ubuntu.com/3244-1/","reference_id":"USN-3244-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3244-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4386?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.4.4-2%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-45c2-fjbs-8qb3"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-dfe5-a3hr-vfgj"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-ghrm-44zq-9ffh"},{"vulnerability":"VCID-gr2p-ynvt-gyca"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-td5g-1cuf-duf1"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-vva3-yeuq-dqb3"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.4.4-2%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5747?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-td5g-1cuf-duf1"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%252Bdeb9u1"}],"aliases":["CVE-2016-9811"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dfe5-a3hr-vfgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4603?format=json","vulnerability_id":"VCID-ghrm-44zq-9ffh","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5837.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5837","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43253","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43285","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43311","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43276","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43326","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43335","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1419584","reference_id":"1419584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1419584"},{"reference_url":"https://security.archlinux.org/ASA-201702-4","reference_id":"ASA-201702-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201702-4"},{"reference_url":"https://security.archlinux.org/AVG-164","reference_id":"AVG-164","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-164"},{"reference_url":"https://security.gentoo.org/glsa/201705-10","reference_id":"GLSA-201705-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2060","reference_id":"RHSA-2017:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2060"},{"reference_url":"https://usn.ubuntu.com/3244-1/","reference_id":"USN-3244-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3244-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4386?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.4.4-2%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-45c2-fjbs-8qb3"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-dfe5-a3hr-vfgj"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-ghrm-44zq-9ffh"},{"vulnerability":"VCID-gr2p-ynvt-gyca"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-td5g-1cuf-duf1"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-vva3-yeuq-dqb3"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.4.4-2%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5747?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-td5g-1cuf-duf1"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%252Bdeb9u1"}],"aliases":["CVE-2017-5837"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghrm-44zq-9ffh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4601?format=json","vulnerability_id":"VCID-gr2p-ynvt-gyca","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5842.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5842.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5842","reference_id":"","reference_type":"","scores":[{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54623","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54663","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54692","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54684","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54681","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1419591","reference_id":"1419591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1419591"},{"reference_url":"https://security.archlinux.org/ASA-201702-4","reference_id":"ASA-201702-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201702-4"},{"reference_url":"https://security.archlinux.org/AVG-164","reference_id":"AVG-164","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-164"},{"reference_url":"https://security.gentoo.org/glsa/201705-10","reference_id":"GLSA-201705-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2060","reference_id":"RHSA-2017:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2060"},{"reference_url":"https://usn.ubuntu.com/3244-1/","reference_id":"USN-3244-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3244-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4386?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.4.4-2%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-45c2-fjbs-8qb3"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-dfe5-a3hr-vfgj"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-ghrm-44zq-9ffh"},{"vulnerability":"VCID-gr2p-ynvt-gyca"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-td5g-1cuf-duf1"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-vva3-yeuq-dqb3"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.4.4-2%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5747?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-td5g-1cuf-duf1"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%252Bdeb9u1"}],"aliases":["CVE-2017-5842"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gr2p-ynvt-gyca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71900?format=json","vulnerability_id":"VCID-td5g-1cuf-duf1","summary":"GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9928.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9928.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9928","reference_id":"","reference_type":"","scores":[{"value":"0.16747","scoring_system":"epss","scoring_elements":"0.95064","published_at":"2026-06-04T12:55:00Z"},{"value":"0.16747","scoring_system":"epss","scoring_elements":"0.95073","published_at":"2026-06-05T12:55:00Z"},{"value":"0.16747","scoring_system":"epss","scoring_elements":"0.95074","published_at":"2026-06-06T12:55:00Z"},{"value":"0.16747","scoring_system":"epss","scoring_elements":"0.95076","published_at":"2026-06-07T12:55:00Z"},{"value":"0.16747","scoring_system":"epss","scoring_elements":"0.95075","published_at":"2026-06-08T12:55:00Z"},{"value":"0.16747","scoring_system":"epss","scoring_elements":"0.9508","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9928"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1724904","reference_id":"1724904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1724904"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927978","reference_id":"927978","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927978"},{"reference_url":"https://security.gentoo.org/glsa/202003-33","reference_id":"GLSA-202003-33","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-33"},{"reference_url":"https://usn.ubuntu.com/3958-1/","reference_id":"USN-3958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5747?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-td5g-1cuf-duf1"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/516440?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.14.4-2%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.14.4-2%252Bdeb10u1"}],"aliases":["CVE-2019-9928"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-td5g-1cuf-duf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4600?format=json","vulnerability_id":"VCID-vva3-yeuq-dqb3","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5844.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5844","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43253","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43285","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43311","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43276","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43326","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43335","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1419600","reference_id":"1419600","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1419600"},{"reference_url":"https://security.archlinux.org/ASA-201702-4","reference_id":"ASA-201702-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201702-4"},{"reference_url":"https://security.archlinux.org/AVG-164","reference_id":"AVG-164","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-164"},{"reference_url":"https://security.gentoo.org/glsa/201705-10","reference_id":"GLSA-201705-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2060","reference_id":"RHSA-2017:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2060"},{"reference_url":"https://usn.ubuntu.com/3244-1/","reference_id":"USN-3244-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3244-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4386?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.4.4-2%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-45c2-fjbs-8qb3"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-dfe5-a3hr-vfgj"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-ghrm-44zq-9ffh"},{"vulnerability":"VCID-gr2p-ynvt-gyca"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-td5g-1cuf-duf1"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-vva3-yeuq-dqb3"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.4.4-2%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5747?format=json","purl":"pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14kb-4vsb-8ubv"},{"vulnerability":"VCID-2cvy-2aq6-cqgz"},{"vulnerability":"VCID-bxb4-g1x3-fqea"},{"vulnerability":"VCID-e4af-8dzz-xfg9"},{"vulnerability":"VCID-ewp5-zkax-4far"},{"vulnerability":"VCID-fwv6-ss7p-t3fq"},{"vulnerability":"VCID-hv7t-32rs-vqds"},{"vulnerability":"VCID-kcf6-m4ek-77gb"},{"vulnerability":"VCID-prn6-2uc7-wudw"},{"vulnerability":"VCID-qctp-a1bu-tudp"},{"vulnerability":"VCID-rph9-1s8j-2fa7"},{"vulnerability":"VCID-st3r-5xwc-u7ez"},{"vulnerability":"VCID-td5g-1cuf-duf1"},{"vulnerability":"VCID-ujmz-6urw-fbcy"},{"vulnerability":"VCID-wqve-sy8j-w7ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%252Bdeb9u1"}],"aliases":["CVE-2017-5844"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vva3-yeuq-dqb3"}],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-base1.0@1.10.4-1%252Bdeb9u1"}