CVE-2026-2922

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GStreamer (affected versions not specified)

Description This issue allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with the library is required for exploitation, and attack vectors may vary. The flaw resides in the processing of video packets due to insufficient validation of user-supplied data, leading to a write past the end of an allocated buffer. An attacker can leverage this to execute code within the current process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2026:19024

ALSA-2026:19180

ALSA-2026:6259

ALSA-2026:6300

BDU:2026-06335

CVE-2026-2922

OPENSUSE-SU-2026:20402-1

RHSA-2026:6259

RHSA-2026:6300

RHSA-2026:8854

RHSA-2026:8862

SUSE-SU-2026:0998-1

SUSE-SU-2026:20915-1

ZDI-26-165

Affected Products

Gstreamer

Rocky Linux

CVE-2026-2922

Weakness Enumeration

Related Identifiers

Affected Products

References · 53