CVE-2026-2920
Modified Modified - Updated After Analysis

Heap-Based Buffer Overflow in GStreamer ASF Demuxer Enables RCE

Vulnerability report for CVE-2026-2920, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-16

Last updated on: 2026-06-30

Assigner: Zero Day Initiative

Description

GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of stream headers within ASF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28843.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-16
Last Modified
2026-06-30
Generated
2026-07-06
AI Q&A
2026-03-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
gstreamer gstreamer to 1.28.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-2920 is a remote code execution vulnerability in the GStreamer ASF Demuxer caused by a heap-based buffer overflow.

The flaw arises from improper validation of the length of user-supplied data when processing stream headers within ASF files. Specifically, the vulnerability occurs because the length of the input data is not properly checked before copying it into a fixed-length heap buffer, allowing an attacker to overflow the buffer.

Exploiting this vulnerability requires interaction with the GStreamer library, but attack vectors may vary depending on the implementation. Successful exploitation enables remote attackers to execute arbitrary code with the privileges of the current process.

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary code on affected systems running GStreamer.

Because the attacker can run code with the privileges of the current process, this can lead to full compromise of the affected system, including unauthorized access, data manipulation, or disruption of services.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves a heap-based buffer overflow in the GStreamer ASF Demuxer when processing ASF file stream headers. Detection typically requires monitoring for the presence of vulnerable versions of the GStreamer library or analyzing ASF file processing behavior.

Since exploitation requires interaction with the GStreamer library, one approach is to identify systems running GStreamer versions prior to the fix and monitor for suspicious ASF file processing or crashes related to ASF demuxing.

No specific detection commands or signatures are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to update GStreamer to the latest version that includes the fix for this vulnerability.

Additionally, avoid processing untrusted ASF files with vulnerable versions of GStreamer to reduce the risk of exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2920. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart