ALSA-2026:6300

See a problem?
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6300.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2026:6300
Related
Published
2026-03-31T00:00:00Z
Modified
2026-04-07T12:59:23.434184202Z
Summary
Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update
Details

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

  • GStreamer: GStreamer: Arbitrary code execution via ASF file processing (CVE-2026-2920)
  • GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser (CVE-2026-3082)
  • GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085)
  • GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921)
  • GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083)
  • GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer (CVE-2026-2922)
  • GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling (CVE-2026-2923)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9
gstreamer1-plugins-bad-free

Package

Name
gstreamer1-plugins-bad-free
Purl
pkg:rpm/almalinux/gstreamer1-plugins-bad-free

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.12-5.el9_7

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6300.json"
gstreamer1-plugins-bad-free-devel

Package

Name
gstreamer1-plugins-bad-free-devel
Purl
pkg:rpm/almalinux/gstreamer1-plugins-bad-free-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.12-5.el9_7

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6300.json"
gstreamer1-plugins-bad-free-libs

Package

Name
gstreamer1-plugins-bad-free-libs
Purl
pkg:rpm/almalinux/gstreamer1-plugins-bad-free-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.12-5.el9_7

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6300.json"
gstreamer1-plugins-base

Package

Name
gstreamer1-plugins-base
Purl
pkg:rpm/almalinux/gstreamer1-plugins-base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.12-5.el9_7

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6300.json"
gstreamer1-plugins-base-devel

Package

Name
gstreamer1-plugins-base-devel
Purl
pkg:rpm/almalinux/gstreamer1-plugins-base-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.12-5.el9_7

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6300.json"
gstreamer1-plugins-base-tools

Package

Name
gstreamer1-plugins-base-tools
Purl
pkg:rpm/almalinux/gstreamer1-plugins-base-tools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.12-5.el9_7

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6300.json"
gstreamer1-plugins-good

Package

Name
gstreamer1-plugins-good
Purl
pkg:rpm/almalinux/gstreamer1-plugins-good

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.12-5.el9_7

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6300.json"
gstreamer1-plugins-good-gtk

Package

Name
gstreamer1-plugins-good-gtk
Purl
pkg:rpm/almalinux/gstreamer1-plugins-good-gtk

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.12-5.el9_7

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6300.json"
gstreamer1-plugins-ugly-free

Package

Name
gstreamer1-plugins-ugly-free
Purl
pkg:rpm/almalinux/gstreamer1-plugins-ugly-free

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.12-4.el9_7

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6300.json"