GST-Tensordecoder-ov_ep/security-advisories/sa-2025-0003.md

Security Advisory 2025-0003 (CVE-2025-47808)

Summary	NULL-pointer dereference in TMPlayer subtitle parser
Date	2025-05-29 23:30
Affected Versions	GStreamer gst-plugins-base < 1.26.2
IDs	GStreamer-SA-2025-0003 CVE-2025-47808

Details

A NULL-pointer dereference in the TMPlayer subtitle parser that can cause crashes for certain input files.

Impact

It is possible for a malicious third party to trigger a NULL-pointer dereference that can result in a crash of the application.

Solution

The gst-plugins-base 1.26.2 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.

References

The GStreamer project

• https://gstreamer.freedesktop.org

CVE Database Entries

• CVE-2025-47808

GStreamer releases

1.26 (current stable)

• GStreamer 1.26.2 release notes
• GStreamer Plugins Base 1.26.2

Patches

• Patch (3-in-1)