GStreamer Base Plugins vulnerability
Published: Wed, 10 Jun 2026 11:30
Summary
GStreamer Base Plugins could be made to crash or run programs if it opened a specially crafted file.
Details
USN-8130-1 fixed a vulnerability in GStreamer Base Plugins. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use this issue to cause GStreamer Base Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code.
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu xenial
gst-plugins-base1.0→1.8.3-1ubuntu0.3+esm4apt_upgradeStandard apt upgrade. Install 1.8.3-1ubuntu0.3+esm4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y gst-plugins-base1.0
Most apt upgrades restart their service automatically. needrestart lists anything else.
gir1.2-gst-plugins-base-1.0→1.8.3-1ubuntu0.3+esm4apt_upgradeStandard apt upgrade. Install 1.8.3-1ubuntu0.3+esm4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y gir1.2-gst-plugins-base-1.0
Most apt upgrades restart their service automatically. needrestart lists anything else.
gstreamer1.0-alsa→1.8.3-1ubuntu0.3+esm4apt_upgradeStandard apt upgrade. Install 1.8.3-1ubuntu0.3+esm4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y gstreamer1.0-alsa
Most apt upgrades restart their service automatically. needrestart lists anything else.
gstreamer1.0-plugins-base→1.8.3-1ubuntu0.3+esm4apt_upgradeStandard apt upgrade. Install 1.8.3-1ubuntu0.3+esm4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y gstreamer1.0-plugins-base
Most apt upgrades restart their service automatically. needrestart lists anything else.
gstreamer1.0-plugins-base-apps→1.8.3-1ubuntu0.3+esm4apt_upgradeStandard apt upgrade. Install 1.8.3-1ubuntu0.3+esm4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y gstreamer1.0-plugins-base-apps
Most apt upgrades restart their service automatically. needrestart lists anything else.
gstreamer1.0-plugins-base-doc→1.8.3-1ubuntu0.3+esm4apt_upgradeStandard apt upgrade. Install 1.8.3-1ubuntu0.3+esm4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y gstreamer1.0-plugins-base-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
gstreamer1.0-x→1.8.3-1ubuntu0.3+esm4apt_upgradeStandard apt upgrade. Install 1.8.3-1ubuntu0.3+esm4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y gstreamer1.0-x
Most apt upgrades restart their service automatically. needrestart lists anything else.
libgstreamer-plugins-base1.0-0→1.8.3-1ubuntu0.3+esm4apt_upgradeStandard apt upgrade. Install 1.8.3-1ubuntu0.3+esm4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libgstreamer-plugins-base1.0-0
Most apt upgrades restart their service automatically. needrestart lists anything else.
libgstreamer-plugins-base1.0-dev→1.8.3-1ubuntu0.3+esm4apt_upgradeStandard apt upgrade. Install 1.8.3-1ubuntu0.3+esm4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libgstreamer-plugins-base1.0-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8130-3?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8130-3 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.