PT-2026-23764 · Gstreamer+3 · Gstreamer+3

Utkarsh Gupta

Published

2026-01-01

Updated

2026-06-10

CVE-2026-2921

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GStreamer (affected versions not specified)

Description This issue is a remote code execution flaw stemming from an integer overflow within the handling of RIFF palette data in AVI files. The problem arises from insufficient validation of user-supplied data, leading to a potential integer overflow before memory write operations. An attacker could exploit this to execute code within the current process context. Interaction with the GStreamer library is required for exploitation, and attack vectors may vary based on implementation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2026:19024

ALSA-2026:19180

ALSA-2026:6259

ALSA-2026:6300

ALSA-2026:6750

BDU:2026-06620

CVE-2026-2921

OESA-2026-1755

OESA-2026-1756

OESA-2026-1757

OESA-2026-1758

RHSA-2026:6259

RHSA-2026:6300

RHSA-2026:6750

RHSA-2026:7673

RHSA-2026:7850

RHSA-2026:8854

RHSA-2026:8857

RHSA-2026:8862

RHSA-2026:8874

RHSA-2026:8876

RHSA-2026:9446

RHSA-2026:9447

RHSA-2026:9487

RHSA-2026:9488

USN-8130-1

USN-8130-2

USN-8130-3

ZDI-26-168

Affected Products

Gstreamer

Linuxmint

Rocky Linux

Ubuntu

PT-2026-23764 · Gstreamer+3 · Gstreamer+3

CVE-2026-2921

Weakness Enumeration

Related Identifiers

Affected Products

References · 66