GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.

redhat RHSA-2025:7178: RHSA-2025:7178: gstreamer1, gstreamer1-plugins-bad-free, gstreamer1-plugins-ugly-free, and gstreamer1-rtsp-server security update (Moderate)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7558-1 advisory.

    It was discovered that the AV1 codec plugin in GStreamer could be made to write out of bounds. An attacker     could possibly use this issue to cause applications using the plugin to crash, resulting in a denial of     service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-50186,     CVE-2024-0444)

    It was discovered that the H265 codec plugin in GStreamer could be made to write out of bounds. An     attacker could possibly use this issue to cause applications using the plugin to crash, resulting in a     denial of service, or possibly execute arbitrary code. (CVE-2025-3887)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0072 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2024-0444:
    GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This     vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer.
    Interaction with this library is required to exploit this vulnerability but attack vectors may vary     depending on the implementation.
    The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue     results from the lack of proper validation of the length of user-supplied data prior to copying it to a     fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the     context of the current process. Was ZDI-CAN-22873.

    CVE-2024-4453:
    GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability     allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with     this library is required to exploit this vulnerability but attack vectors may vary depending on the     implementation.
    The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper     validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An     attacker can leverage this vulnerability to execute code in the context of the current process.
    . Was ZDI-CAN-23896.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7178 advisory.

    gstreamer1     [1.22.12-3]
    - Rebuild
    - Resolves: RHEL-38511, RHEL-41157

    [1.22.12-2]
    - Rebuild
    - Resolves: RHEL-38511, RHEL-41157

    [1.22.12-1]
    - Update to 1.22.12

    [1.22.9-1]
    - 1.22.9

    [1.22.8-3]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

    [1.22.8-2]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

    [1.22.8-1]
    - 1.22.8

    [1.22.7-2]
    - Set cap information correctly
    - Resolves: rhbz#2238703

    [1.22.7-1]
    - 1.22.7

    [1.22.6-1]
    - 1.22.6

    [1.22.5-1]
    - Update to 1.22.5

    [1.22.4-2]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

    [1.22.4-1]
    - 1.22.4

    [1.22.3-2]
    - Do setcap on gst-ptp-helper to give the right permissions.

    [1.22.3-1]
    - Update to 1.22.3

    [1.22.2-1]
    - Update to 1.22.2

    [1.22.1-1]
    - Update to 1.22.1

    [1.22.0-1]
    - Update to 1.22.0

    [1.21.90-1]
    - Update to 1.21.90

    [1.20.5-2]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

    [1.20.5-1]
    - Update to 1.20.5

    gstreamer1-plugins-bad-free     [1.22.12-3]
    - Rebuild
    - Resolves: RHEL-38511, RHEL-41157

    [1.22.12-2]
    - Rebuild
    - Resolves: RHEL-38511, RHEL-41157

    [1.22.12-1]
    - 1.22.12

    [1.22.11-1]
    - 1.22.11

    [1.22.9-3]
    - Add gstreamer1-plugin-openh264 subpackage with the openh264 plugin

    [1.22.9-2]
    - Rebuilt for opencv-4.9.0

    [1.22.9-1]
    - 1.22.9

    [1.22.8-5]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

    [1.22.8-4]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

    [1.22.8-3]
    - Backport of 'va: fixes for Mesa driver'
    - Resolves: rhbz#2256693

    [1.22.8-2]
    - Enable dvbsuboverlay and siren plugins
    - Enable avtp, dtsdec, and flite plugins in extras

    [1.22.8-1]
    - 1.22.8

    [1.22.7-2]
    - Move gstva from extras into main package

    [1.22.7-1]
    - 1.22.7

    [1.22.5-2]
    - Separate libs subpackage
    - Enable opencv as separate subpackage

    [1.22.5-1]
    - Update to 1.22.5

    [1.22.3-2]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

    [1.22.3-1]
    - Update to 1.22.3

    [1.22.2-4]
    - Remove obsolete of plugins-bad-freeworld to workaround a dnf bug       https://bugzilla.redhat.com/show_bug.cgi?id=1867376#c9

    [1.22.2-3]
    - Fix migration of musepack and voamrwbenc to -bad-free-extras

    [1.22.2-2]
    - Enable musepack and voamrwbenc in extras

    [1.22.2-1]
    - Update to 1.22.2

    [1.22.1-1]
    - Update to 1.22.1

    [1.22.0-1]
    - Update to 1.22.0

    [1.21.90-1]
    - Update to 1.21.90

    [1.20.5-2]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

    [1.20.5-1]
    - Update to 1.20.5
    - Remove unwanted crypto dependencies.

    [1.20.4-2]
    - Drop vdpau configure option
    - The libgstva plugin is now excluded from file listings when disabled
    - Resolves: rhbz#2141093

    gstreamer1-plugins-ugly-free     [1.22.12-3]
    - Rebuild
    - Resolves: RHEL-38511, RHEL-41157

    [1.22.12-2]
    - Rebuild
    - Resolves: RHEL-38511, RHEL-41157

    [1.22.12-1]
    - 1.22.12

    [1.22.11-1]
    - 1.22.11

    [1.22.9-1]
    - 1.22.9

    [1.22.8-4]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

    [1.22.8-3]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

    [1.22.8-2]
    - Enable asfdemux, dvdlpcmdec, dvdsub, and realmedia plugins
    - Disable AMR plugins in RHEL builds
    - Resolves: rhbz#2236889

    [1.22.8-1]
    - 1.22.8

    [1.22.7-1]
    - 1.22.7

    [1.22.5-1]
    - Update to 1.22.5

    [1.22.3-2]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

    [1.22.3-1]
    - Update to 1.22.3

    [1.22.2-1]
    - Update to 1.22.2

    [1.22.1-2]
    - Rebuild for new AMR plugins.

    gstreamer1-rtsp-server     [1.22.12-3]
    - Rebuild
    - Resolves: RHEL-38511, RHEL-41157

    [1.22.12-2]
    - Rebuild
    - Resolves: RHEL-38511, RHEL-41157

    [1.22.12-1]
    - 1.22.12

    [1.22.11-1]
    - 1.22.11

    [1.22.9-1]
    - 1.22.9

    [1.22.8-3]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

    [1.22.8-2]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

    [1.22.8-1]
    - 1.22.8

    [1.22.7-1]
    - 1.22.7

    [1.22.5-1]
    - Update to 1.22.5

    [1.22.3-2]
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

    [1.22.3-1]
    - Update to 1.22.3

    [1.22.2-1]
    - Update to 1.22.2

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0065 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2024-0444:
    GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This     vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer.
    Interaction with this library is required to exploit this vulnerability but attack vectors may vary     depending on the implementation.
    The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue     results from the lack of proper validation of the length of user-supplied data prior to copying it to a     fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the     context of the current process. Was ZDI-CAN-22873.

    CVE-2024-4453:
    GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability     allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with     this library is required to exploit this vulnerability but attack vectors may vary depending on the     implementation.
    The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper     validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An     attacker can leverage this vulnerability to execute code in the context of the current process.
    . Was ZDI-CAN-23896.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7178 advisory.

    The gstreamer1 packages contain a streaming media framework, based on graphs of filters which operate on     media data.

    Security Fix(es):

    * gstreamer: EXIF Metadata Parsing Integer Overflow (CVE-2024-4453)

    * gstreamer: AV1 Video Parsing Stack-based Buffer Overflow (CVE-2024-0444)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This     vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer.
    Interaction with this library is required to exploit this vulnerability but attack vectors may vary     depending on the implementation. The specific flaw exists within the parsing of tile list data within     AV1-encoded video files. The issue results from the lack of proper validation of the length of user-     supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this     vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873. (CVE-2024-0444)

Note that Nessus relies on the presence of the package as reported by the vendor.

An update of the gstreamer package has been released.

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-919bc7e512 advisory.

    Update to gstreamer-1.22.9.

    ----

    Backport fix for CVE-2024-0444.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-73f181db2a advisory.

    Update to 1.26.19, fixes CVE-2024-0444.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-da86a4f061 advisory.

    Update to 1.26.19, fixes CVE-2024-0444.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of gstreamer1-plugins-bad-free installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2454 advisory.

    GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing

    NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.htmlNOTE:
    https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970NOTE: Fixed by:
    https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/394d5066f8a7b728df02fe9084e955b2f7d7f6fe     (1.22.9)ADVISORIES: ['DSA-5608-1'] (CVE-2024-0444)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5608 advisory.

    -----BEGIN PGP SIGNED MESSAGE-----     Hash: SHA512

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5608-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     January 27, 2024                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : gst-plugins-bad1.0     CVE ID         : CVE-2024-0444

    A heap-based buffer overflow during tile list parsing was discovered in     the AV1 video codec parser for the GStreamer media framework, which may     result in denial of service or potentially the execution of arbitrary     code if a malformed media file is opened.

    For the oldstable distribution (bullseye), this problem has been fixed     in version 1.18.4-3+deb11u4.

    For the stable distribution (bookworm), this problem has been fixed in     version 1.22.0-4+deb12u5.

    We recommend that you upgrade your gst-plugins-bad1.0 packages.

    For the detailed security status of gst-plugins-bad1.0 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmW1XvtfFIAAAAAALgAo     aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2     NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND     z0T6lQ//U5/FcuUV+SLF3IYzbSGP3nxOl3njQNMQz12woGd8SJdFpsEgeyOFUqwE     1u6xUjNbryI3N/U3zGxEH3P5gZdcxXbQX3dWqHr6IrBC1ciBwKZrtmcmy9ME2OZd     1r2QYGNxGYr2d/E9IV6lvT6L2MPeKTbEmAUjCGgY/nsPi9P2ECwufD7KEHh+6IXn     5WRPEFIWioOXWhiBn02x612VHJUvux5geBz6oLkl9sc2V9coHx19kywaC9W2JMtt     SlyBaw3s7l2lv25rwTYCie1YmAgjsvnyZu3ijGMwHp/Sa7RYUkTC09S/fzuZlFOA     Dz5HRslsjvlk0SomPg5A0J6eDYVQUqE3fq3A2zRtkDbeGbScAmc4eyR1d4LE0FqT     POUxZoCR84fP542vOqLimvfdnkkaPSJwcQJRrwKx4r/hYFwOi4W1gwy90at7MQlj     zwrfExMcXu9B3WmzmwAcTsX9nrgyiXNKH3Lib0gT+93TbqdhUNHuj9zC885JfOwx     Th+jRaas4dyx4Tjaz83pJaUzEEIgAHByfr5N1UltvIUmO7AX9C9iLLyVVmgb2Qz0     ujdc1N8XSqcvB52psJe5o6oEx6UbAVTH48PGrCuYY2kfzKKHYUan6n8MILRw8Is4     FaUz4BAUd6Fjgo+jG/oS32grK7aujTbqRCiDaTDLcT/vywZldQA=     =giTa
    -----END PGP SIGNATURE-----



Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
237868	Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : GStreamer Bad Plugins vulnerabilities (USN-7558-1)	Nessus	Ubuntu Local Security Checks	high
237275	Alibaba Cloud Linux 3 : 0072: gstreamer1-plugins-bad-free (ALINUX3-SA-2025:0072)	Nessus	Alibaba Cloud Linux Local Security Checks	high
237047	Oracle Linux 9 : gstreamer1, / gstreamer1-plugins-bad-free, / gstreamer1-plugins-ugly-free, / and / gstreamer1-rtsp-server (ELSA-2025-7178)	Nessus	Oracle Linux Local Security Checks	high
236936	Alibaba Cloud Linux 3 : 0065: gstreamer1 (ALINUX3-SA-2025:0065)	Nessus	Alibaba Cloud Linux Local Security Checks	high
235807	RHEL 9 : gstreamer1, gstreamer1-plugins-bad-free, gstreamer1-plugins-ugly-free, and gstreamer1-rtsp-server (RHSA-2025:7178)	Nessus	Red Hat Local Security Checks	high
227579	Linux Distros Unpatched Vulnerability : CVE-2024-0444	Nessus	Misc.	high
204354	Photon OS 5.0: Gstreamer PHSA-2023-5.0-0167	Nessus	PhotonOS Local Security Checks	high
204259	Photon OS 4.0: Gstreamer PHSA-2023-4.0-0523	Nessus	PhotonOS Local Security Checks	high
201176	Fedora 39 : mingw-gstreamer1 / mingw-gstreamer1-plugins-bad-free / etc (2024-919bc7e512)	Nessus	Fedora Local Security Checks	high
201166	Fedora 39 : mingw-python-urllib3 (2024-73f181db2a)	Nessus	Fedora Local Security Checks	high
201165	Fedora 40 : mingw-python-urllib3 (2024-da86a4f061)	Nessus	Fedora Local Security Checks	high
190693	Amazon Linux 2 : gstreamer1-plugins-bad-free (ALAS-2024-2454)	Nessus	Amazon Linux Local Security Checks	high
189723	Debian dsa-5608 : gir1.2-gst-plugins-bad-1.0 - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2024-0444

high

Tenable Plugins

Coming Soon

high

high

high

high

high

high

high

high

high

high

high

high

high