GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. CREATE(Triage): {Link=https://nvd.nist.gov/vuln/detail/CVE-2019-9928 User=admin}