UbuntuUpdates.org

Package "gstreamer1.0-plugins-good"

Name: gstreamer1.0-plugins-good

Description:

GStreamer plugins from the "good" set
Latest version: 1.26.5-1ubuntu2.3
Release: questing (25.10)
Level: security
Repository: main
Head package: gst-plugins-good1.0
Homepage: https://gstreamer.freedesktop.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "gstreamer1.0-plugins-good"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "gstreamer1.0-plugins-good" in Questing

Repository Area Version
base main 1.26.5-1ubuntu2
updates main 1.26.5-1ubuntu2.3

Changelog

Version: 1.26.5-1ubuntu2.3 2026-05-27 14:07:38 UTC

  gst-plugins-good1.0 (1.26.5-1ubuntu2.3) questing-security; urgency=medium

  * SECURITY UPDATE: DoS when parsing MP4 audio tracks
    - debian/patches/CVE-2026-464xx-1.patch: qtdemux: Avoid division by zero if
      0 audio channels are signalled in gst/isomp4/qtdemux.c.
    - debian/patches/CVE-2026-464xx-2.patch: qtdemux: Validate chnl defined
      layout before using it to index the layouts array in gst/isomp4/qtdemux.c.
    - debian/patches/CVE-2026-464xx-3.patch: qtdemux: Avoid out-of-bounds reads
      and writes of 64 item audio channel positions array in
      gst/isomp4/qtdemux.c.
    - debian/patches/CVE-2026-464xx-4.patch: qtdemux: Fix bit pattern check for
      omitted audio channels map in gst/isomp4/qtdemux.c.
    - CVE-2026-46469
    - CVE-2026-46470

 -- Marc Deslauriers <email address hidden> Sun, 24 May 2026 10:39:54 -0400
Source diff to previous version
CVE-2026-46469 An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function d
CVE-2026-46470 An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function d

Version: 1.26.5-1ubuntu2.2 2026-05-20 14:07:37 UTC

  gst-plugins-good1.0 (1.26.5-1ubuntu2.2) questing-security; urgency=medium

  * SECURITY UPDATE: Integer overflows and OOB access in MOV/MP4 demuxer
    - debian/patches/CVE-2026-5056.patch: qtdemux: Add various integer overflow
      and bounds checks to uncompressed video handling in gst/isomp4/qtdemux.c.
    - CVE-2026-5056

 -- Marc Deslauriers <email address hidden> Tue, 12 May 2026 09:48:32 +0200
CVE-2026-5056 Integer overflows and out-of-bounds access in MOV/MP4 demuxer

Version: *DELETED* 2026-03-30 15:07:56 UTC
No changelog for deleted or moved packages.

Version: 1.26.5-1ubuntu2.1 2026-03-30 14:08:00 UTC

  gst-plugins-good1.0 (1.26.5-1ubuntu2.1) questing-security; urgency=medium

  * SECURITY UPDATE: multiple rtpqdm2depay code execution issues
    - debian/patches/CVE-2026-3083_5.patch: remove rtpqdm2depay element in
      docs/gst_plugins_cache.json, gst/rtp/gstrtp.c, gst/rtp/meson.build,
      gst/rtp/gstrtpqdmdepay.c, gst/rtp/gstrtpqdmdepay.h.
    - CVE-2026-3083
    - CVE-2026-3085

 -- Marc Deslauriers <email address hidden> Fri, 27 Mar 2026 12:58:06 -0400
CVE-2026-3083 GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code
CVE-2026-3085 GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrar


About   -   Send Feedback to @ubuntu_updates