CVE-2025-47219 on CTRL-OS 24.05

Packages: gst_all_1.gst-plugins-good

Status: Plausible

CVE Information

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.

Updates

2026-04-07 19:24 CEST

Metadata changes:

• Status for package gst_all_1.gst-plugins-good: “Plausible”

(Amended on: 2026-04-07 19:25 CEST)