CVE-2026-1940
Received Received - Intake
Out-of-Bounds Read in GStreamer gst_wavparse_adtl_chunk Function

Publication date: 2026-03-23

Last updated on: 2026-05-04

Assigner: Red Hat, Inc.

Description
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-05-04
Generated
2026-05-07
AI Q&A
2026-03-24
EPSS Evaluated
2026-05-05
NVD
CVE-2026-1940
EUVD
EUVD-2026-14551
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
debian debian_linux 11.0
redhat enterprise_linux 8.0
debian debian_linux 12.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
gstreamer gstreamer to 1.28.1 (exc)
freedesktop gst-plugins-good 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an out-of-bounds (OOB) read issue in the gst_wavparse_adtl_chunk() function caused by an incomplete fix for a previous vulnerability (CVE-2024-47778). The patch added a size validation check comparing lsize + 8 to the total size, but it failed to consider that the actual offset calculation uses GST_ROUND_UP_2(lsize). When lsize is an odd number, the parser advances more bytes than the validation allows, leading to reading memory beyond the intended buffer.


How can this vulnerability impact me? :

This vulnerability can lead to an out-of-bounds read, which may cause application crashes or potentially allow an attacker to read sensitive memory contents. According to the CVSS score (5.1), the impact includes low integrity and low availability impacts, meaning it could cause some data corruption or denial of service but does not directly affect confidentiality.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart