GST-Tensordecoder-ov_ep/security-advisories/sa-2025-0006.md

Security Advisory 2025-0006 (CVE-2025-47806)

Summary	Stack buffer overflow in SubRip subtitle parser
Date	2025-05-29 23:30
Affected Versions	GStreamer gst-plugins-base < 1.26.2
IDs	GStreamer-SA-2025-0006 CVE-2025-47806

Details

A stack buffer overflow in the SubRip subtitle parser that can cause crashes for certain input files.

Impact

It is possible for a malicious third party to trigger a stack buffer overflow that can result in a crash of the application.

Solution

The gst-plugins-base 1.26.2 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.

References

The GStreamer project

• https://gstreamer.freedesktop.org

CVE Database Entries

• CVE-2025-47806

GStreamer releases

1.26 (current stable)

• GStreamer 1.26.2 release notes
• GStreamer Plugins Base 1.26.2

Patches

• Patch (3-in-1)