CVE-2026-12892
Analyzed Analyzed - Analysis Complete

Heap Out-of-Bounds Read in GStreamer gst-plugins-bad

Vulnerability report for CVE-2026-12892, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-23

Last updated on: 2026-07-06

Assigner: Red Hat, Inc.

Description

A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary information without first verifying that the NAL unit contains enough data beyond the extension header. An attacker could exploit this by tricking a user into opening a malicious H.264 video file, potentially causing the application to crash or leak a single byte of heap memory.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-23
Last Modified
2026-07-06
Generated
2026-07-14
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
gstreamer gstreamer *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a flaw in the GStreamer's gst-plugins-bad package related to processing H.264 video files. Specifically, when the software processes a specially crafted H.264 video containing malformed MVC or SVC extension slice NAL units, it can perform a 1-byte heap out-of-bounds read during parsing.

The issue arises because the parser tries to check slice boundary information without first verifying that the NAL unit has enough data beyond the extension header. This can be exploited by an attacker who tricks a user into opening a malicious H.264 video file.

The potential result of this exploitation is that the application may crash or leak a single byte of heap memory.

Impact Analysis

If exploited, this vulnerability can cause the affected application to crash, leading to denial of service.

Additionally, it may leak a single byte of heap memory, which could potentially be used in further attacks, although the impact is limited given the small amount of leaked data.

The attack requires a user to open a specially crafted malicious H.264 video file, so user interaction is necessary.

Compliance Impact

The vulnerability in GStreamer's gst-plugins-bad package involves a 1-byte heap out-of-bounds read that could potentially leak a single byte of heap memory when processing a specially crafted H.264 video file.

However, there is no specific information provided about how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves a 1-byte heap out-of-bounds read in the gst_h264_parse_process_nal() function when processing specially crafted H.264 video files with malformed MVC or SVC extension slice NAL units.

Detection on your system can involve identifying usage of the vulnerable gstreamer1-plugins-bad package, especially versions around 1.29.1.1 or other 1.x versions.

You can check the installed version of the package with commands like:

  • On RPM-based systems (e.g., Red Hat, CentOS, Fedora): rpm -q gstreamer1-plugins-bad
  • On Debian-based systems (e.g., Ubuntu): dpkg -l | grep gstreamer1-plugins-bad

For network detection, monitoring for suspicious or malformed H.264 video files being opened or processed could help, but no specific network detection commands are provided.

Mitigation Strategies

Immediate mitigation steps include updating the gstreamer1-plugins-bad package to a version where this vulnerability is fixed.

Until an update is applied, avoid opening or processing untrusted or suspicious H.264 video files, especially those that might contain malformed MVC or SVC extension slice NAL units.

If possible, apply any vendor-provided patches or security advisories related to this CVE.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12892. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart