Details:
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.
Security Fix(es):
GStreamer: GStreamer: Arbitrary code execution via ASF file processing (CVE-2026-2920)
GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser (CVE-2026-3082)
GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085)
GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921)
GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083)
GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer (CVE-2026-2922)
GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling (CVE-2026-2923)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
0:1.24.11-3.el10_10:1.24.11-3.el10_10:1.24.11-3.el10_10:1.24.11-3.el10_10:1.24.11-3.el10_10:1.24.11-3.el10_10:1.24.11-2.el10_10:1.24.11-2.el10_10:1.24.11-2.el10_10:1.24.11-2.el10_1Exploitability
AV:NAC:LPR:NUI:RScope
S:UImpact
C:HI:HA:H8.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H