FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gstreamer1 -- multiple vulnerabilities

Affected packages
	gstreamer1	<	1.28.1
	gstreamer1-plugins	<	1.28.1
	gstreamer1-plugins-good	<	1.28.1
	gstreamer1-plugins-bad	<	1.28.1
	gstreamer1-plugins-ugly	<	1.28.1

Details

VuXML ID	791d4b29-19fb-11f1-87cc-e73692421fef
Discovery	2026-02-25
Entry	2026-03-07

The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.1 release:

Twelve security vulnerabilities were addressed, including:

Out-of-bounds reads and writes in the H.266 video parser, WAV parser, MP4 and ASF demuxers, and DVB subtitle decoder.

Integer overflows in the RIFF parser and Huffman table handling in the JPEG parser.

Stack buffer overflows in the RTP QDM2 depayloader and H.266 parser.

These could lead to application crashes or potentially arbitrary code execution.

[source]

References

CVE Name	CVE-2026-1940
CVE Name	CVE-2026-2920
CVE Name	CVE-2026-2921
CVE Name	CVE-2026-2922
CVE Name	CVE-2026-2923
CVE Name	CVE-2026-3081
CVE Name	CVE-2026-3082
CVE Name	CVE-2026-3083
CVE Name	CVE-2026-3084
CVE Name	CVE-2026-3085
CVE Name	CVE-2026-3086
URL	https://gstreamer.freedesktop.org/security/sa-2026-0001.html
URL	https://gstreamer.freedesktop.org/security/sa-2026-0002.html
URL	https://gstreamer.freedesktop.org/security/sa-2026-0003.html
URL	https://gstreamer.freedesktop.org/security/sa-2026-0004.html
URL	https://gstreamer.freedesktop.org/security/sa-2026-0005.html
URL	https://gstreamer.freedesktop.org/security/sa-2026-0006.html
URL	https://gstreamer.freedesktop.org/security/sa-2026-0007.html
URL	https://gstreamer.freedesktop.org/security/sa-2026-0008.html
URL	https://gstreamer.freedesktop.org/security/sa-2026-0009.html
URL	https://gstreamer.freedesktop.org/security/sa-2026-0010.html
URL	https://gstreamer.freedesktop.org/security/sa-2026-0011.html
URL	https://gstreamer.freedesktop.org/security/sa-2026-0012.html