PT-2026-23764 · Gstreamer+3 · Gstreamer+3

Utkarsh Gupta

·

Publicado

2026-01-01

·

Atualizado

2026-06-10

·

CVE-2026-2921

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions GStreamer (affected versions not specified)
Description This issue is a remote code execution flaw stemming from an integer overflow within the handling of RIFF palette data in AVI files. The problem arises from insufficient validation of user-supplied data, leading to a potential integer overflow before memory write operations. An attacker could exploit this to execute code within the current process context. Interaction with the GStreamer library is required for exploitation, and attack vectors may vary based on implementation.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALSA-2026:19024
ALSA-2026:19180
ALSA-2026:6259
ALSA-2026:6300
ALSA-2026:6750
BDU:2026-06620
CVE-2026-2921
OESA-2026-1755
OESA-2026-1756
OESA-2026-1757
OESA-2026-1758
RHSA-2026:6259
RHSA-2026:6300
RHSA-2026:6750
RHSA-2026:7673
RHSA-2026:7850
RHSA-2026:8854
RHSA-2026:8857
RHSA-2026:8862
RHSA-2026:8874
RHSA-2026:8876
RHSA-2026:9446
RHSA-2026:9447
RHSA-2026:9487
RHSA-2026:9488
USN-8130-1
USN-8130-2
USN-8130-3
ZDI-26-168

Produtos afetados

Gstreamer
Linuxmint
Rocky Linux
Ubuntu