{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71965?format=json","vulnerability_id":"VCID-brnw-63j5-7yef","summary":"An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.","aliases":[{"alias":"CVE-2026-46470"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/422780?format=json","purl":"pkg:apk/alpine/gst-plugins-good@1.26.3-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/gst-plugins-good@1.26.3-r0%3Farch=aarch64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/422781?format=json","purl":"pkg:apk/alpine/gst-plugins-good@1.26.3-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/gst-plugins-good@1.26.3-r0%3Farch=armhf&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/422782?format=json","purl":"pkg:apk/alpine/gst-plugins-good@1.26.3-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/gst-plugins-good@1.26.3-r0%3Farch=armv7&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/422783?format=json","purl":"pkg:apk/alpine/gst-plugins-good@1.26.3-r0?arch=loongarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/gst-plugins-good@1.26.3-r0%3Farch=loongarch64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/422784?format=json","purl":"pkg:apk/alpine/gst-plugins-good@1.26.3-r0?arch=ppc64le&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/gst-plugins-good@1.26.3-r0%3Farch=ppc64le&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/422785?format=json","purl":"pkg:apk/alpine/gst-plugins-good@1.26.3-r0?arch=riscv64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/gst-plugins-good@1.26.3-r0%3Farch=riscv64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/422786?format=json","purl":"pkg:apk/alpine/gst-plugins-good@1.26.3-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/gst-plugins-good@1.26.3-r0%3Farch=s390x&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/422787?format=json","purl":"pkg:apk/alpine/gst-plugins-good@1.26.3-r0?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/gst-plugins-good@1.26.3-r0%3Farch=x86&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/422788?format=json","purl":"pkg:apk/alpine/gst-plugins-good@1.26.3-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/gst-plugins-good@1.26.3-r0%3Farch=x86_64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/195512?format=json","purl":"pkg:deb/debian/gst-plugins-good1.0@1.26.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mj3t-j7g3-7bfq"},{"vulnerability":"VCID-u73g-8ggx-1fc9"},{"vulnerability":"VCID-w54k-cu4v-bke8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-good1.0@1.26.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/98025?format=json","purl":"pkg:deb/debian/gst-plugins-good1.0@1.26.2-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mj3t-j7g3-7bfq"},{"vulnerability":"VCID-u73g-8ggx-1fc9"},{"vulnerability":"VCID-w54k-cu4v-bke8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-good1.0@1.26.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98060?format=json","purl":"pkg:deb/debian/gst-plugins-good1.0@1.26.2-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-good1.0@1.26.2-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98059?format=json","purl":"pkg:deb/debian/gst-plugins-good1.0@1.28.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-good1.0@1.28.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98024?format=json","purl":"pkg:deb/debian/gst-plugins-good1.0@1.28.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-good1.0@1.28.3-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195510?format=json","purl":"pkg:deb/debian/gst-plugins-good1.0@1.18.4-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d1r-5kkb-7ye2"},{"vulnerability":"VCID-29es-ejea-pygu"},{"vulnerability":"VCID-2p1v-p9qx-dqf7"},{"vulnerability":"VCID-3nrz-yxqn-rqa4"},{"vulnerability":"VCID-4648-f3yy-pbda"},{"vulnerability":"VCID-5ufm-tsms-h7a9"},{"vulnerability":"VCID-6ern-p9t7-3yew"},{"vulnerability":"VCID-6hhv-59xx-z3d5"},{"vulnerability":"VCID-8b6s-auvz-j7hx"},{"vulnerability":"VCID-94z5-4bbg-vbb6"},{"vulnerability":"VCID-andw-dxbd-dyh2"},{"vulnerability":"VCID-bj61-nktv-ckha"},{"vulnerability":"VCID-brnw-63j5-7yef"},{"vulnerability":"VCID-cbkd-pcah-6fdh"},{"vulnerability":"VCID-cn2s-511z-67c9"},{"vulnerability":"VCID-crn4-rz62-vud2"},{"vulnerability":"VCID-cz7t-kf95-1kbk"},{"vulnerability":"VCID-d7fr-ks8g-nue3"},{"vulnerability":"VCID-gw33-8spm-eua2"},{"vulnerability":"VCID-h4e5-jrka-c7ak"},{"vulnerability":"VCID-h5ry-yskw-mygr"},{"vulnerability":"VCID-hgfm-9trt-p7cf"},{"vulnerability":"VCID-jdrn-e22z-ske9"},{"vulnerability":"VCID-k4r3-n1tw-s3h5"},{"vulnerability":"VCID-mj3t-j7g3-7bfq"},{"vulnerability":"VCID-psv4-ttkg-97d4"},{"vulnerability":"VCID-tqzp-9xxz-hyh9"},{"vulnerability":"VCID-u73g-8ggx-1fc9"},{"vulnerability":"VCID-w54k-cu4v-bke8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-good1.0@1.18.4-2%252Bdeb11u2"},{"url":"http://public2.vulnerablecode.io/api/packages/98023?format=json","purl":"pkg:deb/debian/gst-plugins-good1.0@1.18.4-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brnw-63j5-7yef"},{"vulnerability":"VCID-d7fr-ks8g-nue3"},{"vulnerability":"VCID-mj3t-j7g3-7bfq"},{"vulnerability":"VCID-u73g-8ggx-1fc9"},{"vulnerability":"VCID-w54k-cu4v-bke8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-good1.0@1.18.4-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/195511?format=json","purl":"pkg:deb/debian/gst-plugins-good1.0@1.22.0-5%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29es-ejea-pygu"},{"vulnerability":"VCID-brnw-63j5-7yef"},{"vulnerability":"VCID-d7fr-ks8g-nue3"},{"vulnerability":"VCID-mj3t-j7g3-7bfq"},{"vulnerability":"VCID-u73g-8ggx-1fc9"},{"vulnerability":"VCID-w54k-cu4v-bke8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-good1.0@1.22.0-5%252Bdeb12u3"},{"url":"http://public2.vulnerablecode.io/api/packages/98021?format=json","purl":"pkg:deb/debian/gst-plugins-good1.0@1.22.0-5%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29es-ejea-pygu"},{"vulnerability":"VCID-brnw-63j5-7yef"},{"vulnerability":"VCID-d7fr-ks8g-nue3"},{"vulnerability":"VCID-mj3t-j7g3-7bfq"},{"vulnerability":"VCID-u73g-8ggx-1fc9"},{"vulnerability":"VCID-w54k-cu4v-bke8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gst-plugins-good1.0@1.22.0-5%252Bdeb12u3%3Fdistro=trixie"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46470","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11839","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11954","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11949","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11911","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11828","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46470"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch","reference_id":"11243.patch","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T18:43:14Z/"}],"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch"},{"reference_url":"https://gstreamer.freedesktop.org/security/sa-2026-0018.html","reference_id":"sa-2026-0018.html","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T18:43:14Z/"}],"url":"https://gstreamer.freedesktop.org/security/sa-2026-0018.html"},{"reference_url":"https://usn.ubuntu.com/8317-1/","reference_id":"USN-8317-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8317-1/"}],"weaknesses":[{"cwe_id":369,"name":"Divide By Zero","description":"The product divides a value by zero."}],"exploits":[],"severity_range_score":"4.0 - 4.0","exploitability":"0.5","weighted_severity":"2.0","risk_score":1.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brnw-63j5-7yef"}