Nixpkgs security tracker
5.1 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): LOW
Gstreamer: incomplete fix of cve-2026-1940
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.
References
Affected products
Matching in nixpkgs
pkgs.gst_all_1.gst-vaapi
Set of VAAPI GStreamer Plug-ins
pkgs.gst_all_1.gstreamer
Open source multimedia framework
pkgs.gst_all_1.gstreamermm
C++ interface for GStreamer
pkgs.ocamlPackages.gstreamer
Bindings for the GStreamer library which provides functions for playning and manipulating multimedia streams
pkgs.ocamlPackages_latest.gstreamer
Bindings for the GStreamer library which provides functions for playning and manipulating multimedia streams
pkgs.obs-studio-plugins.obs-gstreamer
OBS Studio source, encoder and video filter plugin to use GStreamer elements/pipelines in OBS Studio
pkgs.libsForQt5.phonon-backend-gstreamer
GStreamer backend for Phonon
pkgs.plasma5Packages.phonon-backend-gstreamer
GStreamer backend for Phonon
pkgs.tests.pkg-config.defaultPkgConfigPackages.%22gstreamer-controller-1.0%22
Test whether gstreamer-1.26.0 exposes pkg-config modules gstreamer-controller-1.0
Package maintainers
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@matthewbauer Matthew Bauer <mjbauer95@gmail.com>
-
@romildo José Romildo Malaquias <malaquias@gmail.com>
-
@alesya-h Alesya Huzik <ah1990au@gmail.com>
-
@PedroHLC Pedro Lara Campos <root@pedrohlc.com>
-
@D4ndellion Daniel Olsen <daniel@dodsorf.as>