- Description
- GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Awaiting Analysis
CVSS 3.0
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- zdi-disclosures@trendmicro.com
- CWE-121
- Hype score
- Not currently trending
🚨 CVE-2025-3887 Alert 🚨 Buffer overflow in #GStreamer's H.265 parser = SYSTEM COMPROMISE. 🔧 Patch: zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1725=1 Affects SUSE Linux, SAP, HPC. Read more: 👉 https://t.co/KjQ1GAYKu2 #RCE #LinuxSecurity https://t.co/W
@Cezar_H_Linux
29 May 2025
CVE-2025-3887 GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on af… https://t.co/LDhnolNPtj
@CVEnew
22 May 2025
[CVE-2025-3887: HIGH] Critical GStreamer H265 Codec vulnerability (ZDI-CAN-26596) allows remote attackers to execute code. Exploit requires library interaction. Issue in parsing H265 slice headers, enabling bu...#cve,CVE-2025-3887,#cybersecurity https://t.co/b57VOz7jje https://t.
@CveFindCom
22 May 2025