CVE-2025-3887 – GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

May 22, 2025

CVE ID : CVE-2025-3887

Published : May 22, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3883 – eCharge Hardy Barth cPH2 Remote Command Injection Vulnerability

Next Article CVE-2025-3884 – Cloudera Hue Ace Editor Directory Traversal Information Disclosure

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

A UN Human Rights Council report lists Microsoft among big tech companies that “profit” from Gaza genocide

The best Costco deals to compete with Prime Day: TVs, laptops, Apple products, and more

This 9-in-1 off-grid portable power station has a 17-year lifespan – and it’s over 50% off

DistroWatch Weekly, Issue 1129

Token System using PHP and MySQL

Token System using PHP and MySQL

Create React UI component with uncontrollable

Flaget – new small 5kB CLI argument parser

A UN Human Rights Council report lists Microsoft among big tech companies that “profit” from Gaza genocide

A UN Human Rights Council report lists Microsoft among big tech companies that “profit” from Gaza genocide

Microsoft Forms Was Down for Some Users; But Now Fixed

DistroWatch Weekly, Issue 1129

CVE-2025-3887 – GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

CVE-2025-3830 – Kuangstudy KuangSimpleBBS Unrestricted File Upload Vulnerability

People are using ChatGPT to generate pictures of their perfect match based on looks — mine just made my brother

CVE-2025-29627 – KeeperChat Biometric Authentication Module Privilege Escalation Vulnerability

CVE-2025-48797 – “GIMP TGA Image File Buffer Overflow Vulnerability”

Microsoft AI system diagnoses complex cases better than human doctors – and for less money

CVE-2025-27409 – Joplin Server Path Traversal Vulnerability

CVE-2025-53386 – FTC’s Online Payment Processing System Authentication Bypass

“Fear not—we are cooking!” Helldivers 2 devs say there’s “exciting news to come” and a new Warbond in May as we defeat the Illuminate, which surely means it’s about to invade for real and kill us all

CVE-2025-3887 – GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Related Posts