CVE-2026-1940
Received Received - Intake
Out-of-Bounds Read in GStreamer gst_wavparse_adtl_chunk Function

Publication date: 2026-03-23

Last updated on: 2026-05-04

Assigner: Red Hat, Inc.

Description
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-05-04
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1940
EUVD
EUVD-2026-14551
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
debian debian_linux 11.0
redhat enterprise_linux 8.0
debian debian_linux 12.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
gstreamer gstreamer to 1.28.1 (exc)
freedesktop gst-plugins-good 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds (OOB) read issue in the gst_wavparse_adtl_chunk() function caused by an incomplete fix for a previous vulnerability (CVE-2024-47778). The patch added a size validation check comparing lsize + 8 to the total size, but it failed to consider that the actual offset calculation uses GST_ROUND_UP_2(lsize). When lsize is an odd number, the parser advances more bytes than the validation allows, leading to reading memory beyond the intended buffer.

Impact Analysis

This vulnerability can lead to an out-of-bounds read, which may cause application crashes or potentially allow an attacker to read sensitive memory contents. According to the CVSS score (5.1), the impact includes low integrity and low availability impacts, meaning it could cause some data corruption or denial of service but does not directly affect confidentiality.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1940. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart