The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.3 release:
Six security vulnerabilities were addressed, including:
- Bounds check errors in MXF VANC packet handling.
- Use-after-free in GStreamer core buffer value deserialization.
- Out-of-bounds read in MXF demuxer temporal offset check.
- Out-of-bounds write in H.266/VVC parser when parsing PPS tile slices.
- Insufficient validation in MOV/MP4 demuxer uncompressed video handling.
- Out-of-bounds reads in MPEG PS PES header parsing.
These could lead to application crashes, memory corruption, or potentially arbitrary code execution.