CVE-2026-52718
Status: Awaiting Analysis (Queue)
BaseFortify

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: Red Hat, Inc.

Description
A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash.
CVSS Scores
EPSS Scores
Meta Information
Published
2026-06-15
Last Modified
2026-06-15
Generated
2026-06-16
AI Q&A
2026-06-16
EPSS Evaluated
N/A
Affected Vendors & Products
2 associated CPEs

Vendor | Product | Version / Range
gstreamer | gstreamer1-plugins-bad | up to 1.28.5 (inclusive)
gstreamer | gst-plugins-bad | * (all versions)
Exploitability
CWE
KEV
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
AI Quick Actions
Compliance Impact

The provided information does not describe any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in the GStreamer AV1 codec parser, specifically in the gst_av1_parser_parse_tile_list_obu() function. The function mistakenly passes a byte count to a bit-reader API that expects a bit count, causing the parser to become desynchronized.

As a result, when a user opens a specially crafted AV1 media file designed to exploit this flaw, the parser triggers an assertion abort, causing the application to crash.

This is a denial of service vulnerability because it causes the targeted application to stop functioning properly.

Impact Analysis

The vulnerability can cause applications using the affected GStreamer AV1 parser to crash when processing maliciously crafted AV1 media files.

This results in a denial of service condition, potentially disrupting media playback or other services relying on this codec.

Since the vulnerability can be triggered remotely by tricking a user into opening a malicious file, it poses a risk to systems that handle AV1 media content.

Detection Guidance

This vulnerability can be detected by testing whether the system's GStreamer AV1 parser crashes when processing a specially crafted AV1 media file. A minimal 21-byte test file is sufficient to trigger the issue.

You can attempt to reproduce the crash by using GStreamer to open or process a maliciously crafted AV1 media file that targets the gst_av1_parser_parse_tile_list_obu() function.

While no specific commands are provided, a general approach is to open the test file with gst-launch-1.0 or gst-play-1.0 and observe whether the application crashes:

  • gst-launch-1.0 playbin uri=file:///path/to/malicious_av1_file.av1
  • gst-play-1.0 /path/to/malicious_av1_file.av1

If the application crashes with an assertion abort (SIGABRT), the installed parser is affected.

Mitigation Strategies

Immediate mitigation involves updating GStreamer to a fixed version where the vulnerability is resolved.

The fix is planned for GStreamer versions 1.28.4 or 1.28.5, so upgrading to one of these or a later patched version will mitigate the issue.

Until the update is applied, avoid opening or processing untrusted or suspicious AV1 media files that could exploit this vulnerability.
