CVE-2026-46469

4.0 MEDIUM

An issue was discovered in GStreamer gst-plugins-good before 1.28.2

Published: 2026-05-14 · Last updated: 2026-05-19

Severity and scoring

CVSS: 4.0 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE: CWE-369

Affected products

Vendor	Product
freedesktop	gst-plugins-good

Description

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.

Source: NVD

References

Related CVEs

Same vendor

CVE-2026-50292 — In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arb... (7.4 HIGH)
CVE-2026-46470 — An issue was discovered in GStreamer gst-plugins-good before 1.28.2 (4.0 MEDIUM)

Same CWE

CVE-2025-70100 — A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers... (5.5 MEDIUM)
CVE-2026-37232 — An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation (8.6 HIGH)
CVE-2026-10201 — A vulnerability was determined in Assimp up to 6.0.4 (3.3 LOW)
CVE-2026-46184 — In the Linux kernel, the following vulnerability has been resolved: sound: ua101: fix division by zero at probe Add a missing sanity ch... (5.5 MEDIUM)
CVE-2026-46161 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setup_geo() with zero far_copies s... (5.5 MEDIUM)