Multiple vulnerabilities in GStreamer, including stack buffer overflows in the H.266 and H.265 parsers, out-of-bounds reads in the MOV/MP4 demuxer, and NULL-pointer dereferences in subtitle parsers, can be exploited by a remote attacker via malicious media files to cause denial of service, memory corruption, or potential arbitrary code execution. The specific affected version ranges are gst-plugins-bad >=1.26.0 to <1.26.3 for CVE-2025-6663, gst-plugins-good <1.26.2 for CVE-2025-47219, and gst-plugins-base <1.26.2 for CVE-2025-47807. These issues are addressed in the gst-plugins-bad 1.26.3, gst-plugins-good 1.26.2, and gst-plugins-base 1.26.2 releases, respectively [gstreamer.freedesktop.org](https://gstreamer.freedesktop.org/security/sa-2025-0007.html) [gstreamer.freedesktop.org](https://gstreamer.freedesktop.org/security/sa-2025-0004.html) [gstreamer.freedesktop.org](https://gstreamer.freedesktop.org/security/sa-2025-0002.html).
A remote, anonymous attacker can exploit multiple vulnerabilities in GStreamer to cause a denial-of-service condition, corrupt memory, and possibly execute arbitrary code.
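The version ranges above can be turned into an inventory check. The following is an added example, not code from the GStreamer project or the advisories. It assumes upstream version numbers (distribution packages that backport fixes need the vendor's advisory instead), and the inventory format and the function names are hypothetical.

```python
import re

# Affected ranges exactly as stated in the summary above:
# (module, CVE, first affected version or None for "all earlier", first fixed version)
AFFECTED = [
    ("gst-plugins-bad", "CVE-2025-6663", (1, 26, 0), (1, 26, 3)),
    ("gst-plugins-good", "CVE-2025-47219", None, (1, 26, 2)),
    ("gst-plugins-base", "CVE-2025-47807", None, (1, 26, 2)),
]

def parse_version(text):
    """Parse an upstream 'X.Y[.Z]' version; any trailing suffix is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def affected_cves(module, version):
    """Return the CVEs from the table whose range contains this module version."""
    v = parse_version(version)
    return [cve for name, cve, low, fixed in AFFECTED
            if name == module and (low is None or v >= low) and v < fixed]

def audit(inventory):
    """Take 'module version' lines and return (module, version, [CVE, ...]) for affected ones."""
    findings = []
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        module, version = line.split()[:2]
        cves = affected_cves(module, version)
        if cves:
            findings.append((module, version, cves))
    return findings

# Constructed sample inventory (not real hosts or packages).
SAMPLE = [
    "# module version",
    "gst-plugins-bad 1.26.1",    # inside >=1.26.0,<1.26.3
    "gst-plugins-bad 1.24.12",   # below the lower bound for CVE-2025-6663
    "gst-plugins-good 1.26.2",   # fixed release
    "gst-plugins-base 1.24.12",  # <1.26.2
]

if __name__ == "__main__":
    for module, version, cves in audit(SAMPLE):
        print(f"{module} {version}: {', '.join(cves)}")
```

Only the gst-plugins-bad entry has a lower bound, so an older gst-plugins-bad release is not flagged for CVE-2025-6663, while every gst-plugins-good and gst-plugins-base release below 1.26.2 is flagged.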