In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
https://gstreamer.freedesktop.org/security/
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md