9.1
CVE-2026-46470
- EPSS 0.21%
- Veröffentlicht 14.05.2026 17:40:46
- Zuletzt bearbeitet 19.05.2026 16:34:36
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Freedesktop ≫ Gst-plugins-good Version < 1.28.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.108 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
| cve@mitre.org | 4 | 2.5 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-369 Divide By Zero
The product divides a value by zero.
https://gstreamer.freedesktop.org/security/sa-2026-0018.html
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch