{"id":"ALSA-2026:36674","summary":"Moderate: gstreamer1-plugins-ugly-free security update","details":"GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins whose license is not fully compatible with LGPL.  \n\nSecurity Fix(es):  \n\n  * gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer audio stream header parser (CVE-2026-53703)\n  * gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer FILEINFO metadata parser (CVE-2026-53704)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-07-09T14:00:06.881653538Z","published":"2026-07-08T00:00:00Z","related":["CVE-2026-53703","CVE-2026-53704"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:36674"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-53703"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-53704"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2487613"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2487614"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2026-36674.html"}],"affected":[{"package":{"name":"gstreamer1-plugins-ugly-free","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/gstreamer1-plugins-ugly-free"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22.12-6.el9_8.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:36674.json"}}],"schema_version":"1.7.5"}