DEBIAN-CVE-2025-47806 — Vulnetix

DEBIAN-CVE-2025-47806 PUBLISHED CVSS 5.599999904632568 MEDIUM

In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.

Risk Scores

CVSS v3.1

5.599999904632568

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
Debian:14	gst-plugins-base1.0	0, 0
Debian:13	gst-plugins-base1.0	0, 0
Debian:11	gst-plugins-base1.0	1.18.4-2+deb11u3, 0, 1.18.4-2
Debian:12	gst-plugins-base1.0	0, 1.22.0-3+deb12u1, 1.22.0-3+deb12u3

Timeline

Aug 7, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-47806 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›