CVE-2026-12892

Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad (affected versions not specified)

Description A flaw in the gst-plugins-bad package occurs when processing a specially crafted H.264 video file containing malformed Multiview Video Coding (MVC) or Scalable Video Coding (SVC) extension slice Network Abstraction Layer (NAL) units. A 1-byte heap out-of-bounds read can happen during parsing because the parser checks slice boundary information without verifying if the NAL unit contains sufficient data beyond the extension header. This could lead to an application crash or the leakage of a single byte of heap memory if a user opens a malicious file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.