ALSA-2026:36674

See a problem?
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:36674.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2026:36674
Related
  • CVE-2026-53703
  • CVE-2026-53704
Published
2026-07-08T00:00:00Z
Modified
2026-07-09T14:00:06.881653538Z
Summary
Moderate: gstreamer1-plugins-ugly-free security update
Details

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins whose license is not fully compatible with LGPL.

Security Fix(es):

  • gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer audio stream header parser (CVE-2026-53703)
  • gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer FILEINFO metadata parser (CVE-2026-53704)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9 / gstreamer1-plugins-ugly-free

Package

Name
gstreamer1-plugins-ugly-free
Purl
pkg:rpm/almalinux/gstreamer1-plugins-ugly-free

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.12-6.el9_8.1

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:36674.json"