Search CVE reports


Toggle filters

1 – 10 of 36 results


CVE-2026-59692

Medium priority
Needs evaluation

A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking....

1 affected package

gst-plugins-bad1.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gst-plugins-bad1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-59691

Medium priority
Needs evaluation

A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer and sends Hextile-encoded updates, the Hextile background fill...

1 affected package

gst-plugins-bad1.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gst-plugins-bad1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-14935

Medium priority
Needs evaluation

A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint...

1 affected package

gst-plugins-bad1.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gst-plugins-bad1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-12892

Medium priority
Needs evaluation

A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing....

1 affected package

gst-plugins-bad1.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gst-plugins-bad1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-12891

Medium priority
Needs evaluation

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from...

1 affected package

gst-plugins-bad1.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gst-plugins-bad1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-52722

Medium priority
Needs evaluation

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to...

1 affected package

gst-plugins-bad1.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gst-plugins-bad1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-52721

Medium priority
Needs evaluation

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging...

1 affected package

gst-plugins-bad1.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gst-plugins-bad1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-52720

Medium priority
Needs evaluation

A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle...

1 affected package

gst-plugins-bad1.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gst-plugins-bad1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-52719

Medium priority
Needs evaluation

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker...

1 affected package

gst-plugins-bad1.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gst-plugins-bad1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-52718

Medium priority
Needs evaluation

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser...

1 affected package

gst-plugins-bad1.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gst-plugins-bad1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages