GST-Tensordecoder-ov_ep/security-advisories/sa-2025-0002.md

Security Advisory 2025-0002 (CVE-2025-47807)

Summary	NULL-pointer dereference in SubRip subtitle parser
Date	2025-05-29 23:30
Affected Versions	GStreamer gst-plugins-base < 1.26.2
IDs	GStreamer-SA-2025-0002 CVE-2025-47807

Details

A NULL-pointer dereference in the SubRip subtitle parser that can cause crashes for certain input files.

Impact

It is possible for a malicious third party to trigger a NULL-pointer dereference that can result in a crash of the application.

Solution

The gst-plugins-base 1.26.2 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.

References

The GStreamer project

• https://gstreamer.freedesktop.org

CVE Database Entries

• CVE-2025-47807

GStreamer releases

1.26 (current stable)

• GStreamer 1.26.2 release notes
• GStreamer Plugins Base 1.26.2

Patches

• Patch (3-in-1)