CVE-2025-3887
Published: 22 May 2025
Summary
CVE-2025-3887 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in GStreamer. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 10.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
GStreamer contains a stack-based buffer overflow vulnerability in its H265 codec parsing code that can lead to remote code execution. The flaw occurs during handling of H265 slice headers when the library fails to validate the length of attacker-supplied data before copying it into a fixed-size stack buffer. Affected installations include any application that uses the GStreamer multimedia framework to process H265 content.
Remote attackers can exploit the issue by supplying a malicious H265 stream or file to a vulnerable GStreamer-based application. Successful exploitation grants arbitrary code execution in the context of the process that invokes the library, with no authentication required and only user interaction needed to trigger media parsing.
Public advisories from the Zero Day Initiative and Debian reference patches that address the buffer handling defect in GStreamer. The associated EPSS score has remained flat at 0.0491 with no material increase since disclosure.
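The missing length validation described above can be illustrated with a small parser. This is an added example, not GStreamer's code or its patch: the header layout (an Exp-Golomb count followed by 8-bit entries), `MAX_ENTRIES`, and all function names are assumptions chosen to show where the bound check belongs.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_ENTRIES 16  /* assumed capacity of the fixed-size stack array */

typedef struct { const uint8_t *buf; size_t len_bits, pos; } BitReader;

/* Read n bits MSB-first; returns -1 when the stream is exhausted. */
static int read_bits(BitReader *r, unsigned n, uint32_t *out) {
    uint32_t v = 0;
    if (n > 32 || r->len_bits - r->pos < n) return -1;
    for (unsigned i = 0; i < n; i++, r->pos++)
        v = (v << 1) | ((r->buf[r->pos >> 3] >> (7 - (r->pos & 7))) & 1u);
    *out = v;
    return 0;
}

/* Decode an unsigned Exp-Golomb value ue(v), the coding H.265 headers use. */
static int read_ue(BitReader *r, uint32_t *out) {
    unsigned zeros = 0;
    uint32_t bit, rest;
    for (;;) {
        if (read_bits(r, 1, &bit)) return -1;
        if (bit) break;
        if (++zeros > 31) return -1;   /* reject absurdly long prefixes */
    }
    if (read_bits(r, zeros, &rest)) return -1;
    *out = ((1u << zeros) - 1u) + rest;
    return 0;
}

/* Parse a stream-supplied count, then that many entries into a stack array.
 * Returns the sum of the entries, or -1 for a malformed or oversized header. */
long parse_entries_checked(const uint8_t *data, size_t len) {
    BitReader r = { data, len * 8, 0 };
    uint32_t entries[MAX_ENTRIES];
    uint32_t count;
    long sum = 0;
    if (read_ue(&r, &count)) return -1;
    /* The check whose absence is the CWE-121 pattern: the count comes from
     * the stream and must be bounded before it drives any write. */
    if (count > MAX_ENTRIES) return -1;
    for (uint32_t i = 0; i < count; i++)
        if (read_bits(&r, 8, &entries[i])) return -1;
    for (uint32_t i = 0; i < count; i++) sum += entries[i];
    return sum;
}
```

Without the `count > MAX_ENTRIES` test, the loop would write past `entries` whenever the stream declares more entries than the array holds.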
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-16092
Vulnerability details
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.