PT-2026-23771 · Gstreamer+3 · Gstreamer+3

Published

2026-01-01

Updated

2026-05-19

CVE-2026-3085

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GStreamer (affected versions not specified)

Description A heap-based buffer overflow exists in the rtpqdm2depay component of GStreamer. This issue could lead to remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

DoS

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

ALSA-2026:19024

ALSA-2026:19180

ALSA-2026:6259

ALSA-2026:6300

ALSA-2026:6750

BDU:2026-06666

CVE-2026-3085

ECHO-70E5-DF73-C55E

RHSA-2026:6259

RHSA-2026:6300

RHSA-2026:6750

RHSA-2026:7673

RHSA-2026:7850

RHSA-2026:8854

RHSA-2026:8857

RHSA-2026:8862

RHSA-2026:8874

RHSA-2026:8876

RHSA-2026:9446

RHSA-2026:9447

RHSA-2026:9487

RHSA-2026:9488

USN-8131-1

ZDI-26-167

Affected Products

Gstreamer

Linuxmint

Rocky Linux

Ubuntu

PT-2026-23771 · Gstreamer+3 · Gstreamer+3

CVE-2026-3085

Weakness Enumeration

Related Identifiers

Affected Products

References · 56