PT-2026-23768 · Gstreamer+1 · Gstreamer+1

Publicado

2026-01-01

Atualizado

2026-05-19

CVE-2026-3082

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GStreamer (affected versions not specified)

Description This issue allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with the library is required for exploitation, with attack vectors varying based on implementation. The flaw resides in the processing of Huffman tables, stemming from insufficient validation of user-supplied data length before copying it into a fixed-length heap-based buffer. An attacker can exploit this to execute code within the current process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-122

Identificadores relacionados

ALSA-2026:19024

ALSA-2026:19180

ALSA-2026:6259

ALSA-2026:6300

ALSA-2026:6750

BDU:2026-06663

CVE-2026-3082

OESA-2026-1735

RHSA-2026:6259

RHSA-2026:6300

RHSA-2026:6750

RHSA-2026:7673

RHSA-2026:8854

RHSA-2026:8857

RHSA-2026:8862

RHSA-2026:8874

RHSA-2026:8876

RHSA-2026:9446

RHSA-2026:9447

RHSA-2026:9487

RHSA-2026:9488

ZDI-26-163

Produtos afetados

Gstreamer

Rocky Linux

PT-2026-23768 · Gstreamer+1 · Gstreamer+1

CVE-2026-3082

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 52