Updated gstreamer1.0-plugins-bad, gstreamer1.0-plugins-base, gstreamer1.0-plugins-good & gstreamer1.0-plugins-ugly packages fix security vulnerabilities
Publication date: 18 Jun 2026Modification date: 18 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-3083 , CVE-2026-3085 , CVE-2026-2923 , CVE-2026-2920 , CVE-2026-2922 , CVE-2026-2921 , CVE-2026-3082 , CVE-2026-1940
Description
CVE-2026-2921, GStreamer RIFF Palette Integer Overflow Remote Code
Execution Vulnerability
CVE-2026-2923.GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code
Execution Vulnerability
CVE-2026-3082, GStreamer JPEG Parser Heap-based Buffer Overflow Remote
Code Execution Vulnerability
CVE-2026-3085, GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote
Code Execution Vulnerability
CVE-2026-2920, GStreamer ASF Demuxer Heap-based Buffer Overflow Remote
Code Execution Vulnerability
CVE-2026-2922, GStreamer ASF Demuxer Heap-based Buffer Overflow Remote
Code Execution Vulnerability
CVE-2026-1940, Gstreamer: incomplete fix of CVE-2026-1940
References
- https://bugs.mageia.org/show_bug.cgi?id=35216
- https://lists.debian.org/debian-security-announce/2026/msg00076.html
- https://lists.debian.org/debian-security-announce/2026/msg00100.html
- https://www.cve.org/CVERecord?id=CVE-2026-3083
- https://www.cve.org/CVERecord?id=CVE-2026-3085
- https://www.cve.org/CVERecord?id=CVE-2026-2923
- https://www.cve.org/CVERecord?id=CVE-2026-2920
- https://www.cve.org/CVERecord?id=CVE-2026-2922
- https://www.cve.org/CVERecord?id=CVE-2026-2921
- https://www.cve.org/CVERecord?id=CVE-2026-3082
- https://www.cve.org/CVERecord?id=CVE-2026-1940
SRPMS
9/core
- gstreamer1.0-plugins-bad-1.22.11-1.2.mga9
- gstreamer1.0-plugins-base-1.22.11-1.3.mga9
- gstreamer1.0-plugins-good-1.22.11-1.2.mga9
- gstreamer1.0-plugins-ugly-1.22.11-1.1.mga9
9/tainted
- gstreamer1.0-plugins-bad-1.22.11-1.2.mga9.tainted
- gstreamer1.0-plugins-ugly-1.22.11-1.1.mga9.tainted