CNNVD-202507-683 Information

CNNVD ID

CNNVD-202507-683

Related CVE

CVE-2025-6663

• CNNVD Published: 2025-07-07

Description (Chinese)

GStreamer是GStreamer开源的一套用于处理流媒体的框架。 GStreamer存在安全漏洞，该漏洞源于解析H266 sei消息时未正确验证用户提供数据的长度，可能导致远程代码执行。

Description (English)

GStreamer is an open-source framework for processing streaming media. GStreamer had a security loophole, which stemmed from the failure to correctly verify the length of data provided by users when deciphering H266 sei messages, which could lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

GStreamer

Published

2025-07-07

Last Modified

2026-02-24

References

https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/eedd01ac3dfeb60e36a44bb61a6d0418454e8416 https://www.zerodayinitiative.com/advisories/ZDI-25-467/ https://access.redhat.com/security/cve/cve-2025-6663

Patch

https://gstreamer.freedesktop.org/download/#windows