CVE-2026-46469 — Vulnetix

CVE-2026-46469 PUBLISHED CVSS 4 MEDIUM

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.

EPSS 0.01% · 3.0th percentile

Risk Scores

CVSS v3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.01%

3.0th percentile

Affected Products

Vendor	Product	Versions
GStreamer	Good Plug-ins	0
gstreamer	good_plug-ins	0

Timeline

May 14, 2026 CVE Published
May 14, 2026 CVE Updated
May 15, 2026 Security Advisory
May 18, 2026 EPSS Score
May 19, 2026 EPSS Score
May 20, 2026 EPSS Score
May 21, 2026 EPSS Score
May 22, 2026 EPSS Score
May 23, 2026 EPSS Score
May 24, 2026 EPSS Score
May 25, 2026 EPSS Score
May 26, 2026 EPSS Score

References

https://gstreamer.freedesktop.org/security/sa-2026-0018.html url
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch url
https://nvd.nist.gov/vuln/detail/CVE-2026-46469 advisory

Open in Interactive Console →