CVE-2026-46469

CVE Database · CVE-2026-46469

CVE-2026-46469

· MEDIUMAnalyzed

CVSS v3.1

4.0

EPSS

0.10%

Published

May 14, 2026

Modified

May 19, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Weaknesses (CWE)

CWE-369

Affected Products (1)

freedesktop · gst-plugins-good (up to 1.28.2)vulnerable

References (2)

https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch

Patch

https://gstreamer.freedesktop.org/security/sa-2026-0018.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs