CVE-2026-53701
Awaiting Analysis - Queue

Out-of-Bounds Write in GStreamer H.266/VVC PPS Parser

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: Red Hat, Inc.

Description

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gst_h266_parser_parse_picture_partition() (gsth266parser.c), the loop iterates without checking that the slice index stays within bounds, writing past three fixed-size arrays (slice_height_in_ctus, slice_top_left_ctu_x, slice_top_left_ctu_y) in the GstH266PPS structure. While the initial proof-of-concept demonstrated a 4-byte out-of-bounds write, the code permits larger writes across multiple iterations. A crafted H.266/VVC media file can trigger this vulnerability.
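The bug class described above, as an added example that is not GStreamer's code or the upstream patch: a loop stores per-slice values into three fixed-size arrays at a running slice index, shown with a wrapper that validates the run before the first store. The struct ModelPPS, the capacity MODEL_MAX_SLICES, both function names and the sample values are assumptions made for illustration; only the three array names come from the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical capacity: the page does not give the real array size. */
#define MODEL_MAX_SLICES 8

/* Simplified stand-in for GstH266PPS: only the three arrays named above. */
typedef struct {
    uint32_t slice_height_in_ctus[MODEL_MAX_SLICES];
    uint32_t slice_top_left_ctu_x[MODEL_MAX_SLICES];
    uint32_t slice_top_left_ctu_y[MODEL_MAX_SLICES];
    uint32_t canary; /* placed after the arrays so an overrun would be visible */
} ModelPPS;

/* Unchecked pattern: slice_idx grows with the parsed slice count n and is
 * never compared with the capacity, so all three stores can go out of bounds. */
static uint32_t fill_slices_unchecked(ModelPPS *pps, uint32_t slice_idx,
        uint32_t tile_x, uint32_t tile_y, const uint32_t *heights, uint32_t n)
{
    for (uint32_t j = 0; j < n; j++, slice_idx++) {
        pps->slice_height_in_ctus[slice_idx] = heights[j];
        pps->slice_top_left_ctu_x[slice_idx] = tile_x;
        pps->slice_top_left_ctu_y[slice_idx] = tile_y;
        tile_y += heights[j]; /* next slice starts below this one */
    }
    return slice_idx;
}

/* Hardened wrapper: validate the whole run before the first store.
 * Returns the next free slice index, or -1 for a malformed PPS. */
int fill_slices_checked(ModelPPS *pps, uint32_t slice_idx,
        uint32_t tile_x, uint32_t tile_y, const uint32_t *heights, uint32_t n)
{
    if (slice_idx > MODEL_MAX_SLICES || n > MODEL_MAX_SLICES - slice_idx)
        return -1; /* subtraction form avoids overflow in slice_idx + n */
    return (int)fill_slices_unchecked(pps, slice_idx, tile_x, tile_y, heights, n);
}

int main(void)
{
    ModelPPS pps;
    uint32_t heights[3] = {2, 3, 1}; /* constructed sample input */
    memset(&pps, 0, sizeof pps);
    pps.canary = 0xC0FFEEu;
    printf("3 slices at index 6: %d\n", fill_slices_checked(&pps, 6, 4, 10, heights, 3));
    printf("3 slices at index 5: %d\n", fill_slices_checked(&pps, 5, 4, 10, heights, 3));
    printf("canary intact: %d\n", pps.canary == 0xC0FFEEu);
    return 0;
}
```

Rejecting the whole run up front means a malformed PPS fails the parse with no partial writes left behind in the structure.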

Meta Information

Published: 2026-06-11
Last Modified: 2026-06-11
Generated: 2026-07-02
AI Q&A: 2026-06-12
EPSS Evaluated: 2026-06-30

Affected Vendors & Products

Vendor | Product | Version / Range
gstreamer | gstreamer1-plugins-bad | up to 1.28.3 (exclusive)

Exploitability

CWE ID | Description
CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-53701 is an out-of-bounds write vulnerability in the GStreamer multimedia framework, specifically in the gstreamer1-plugins-bad-free package. It occurs in the H.266/VVC PPS picture partition parser within the function gst_h266_parser_parse_picture_partition().

The vulnerability arises because a loop that processes multi-slice-in-tile data writes beyond the bounds of three fixed-size arrays without checking if the slice index is within valid limits. This can lead to memory corruption.

A crafted H.266/VVC media file can trigger this flaw, potentially causing out-of-bounds writes that may be larger than initially demonstrated.

Impact Analysis

This vulnerability can lead to memory corruption, which attackers could exploit to cause application crashes or potentially execute arbitrary code.

Exploitation requires a specially crafted H.266/VVC media file that triggers the out-of-bounds write during parsing.

The impact severity is rated as medium, with a CVSS base score of 6.5, indicating a significant risk especially for applications processing untrusted media files.

Mitigation Strategies

To mitigate this vulnerability, update the GStreamer multimedia framework to version 1.28.3 or later, where the issue has been fixed.

The fix addresses the out-of-bounds write in the H.266/VVC PPS picture partition parser and prevents potential arbitrary code execution or application crashes.

Detection Guidance

This vulnerability involves an out-of-bounds write in the GStreamer H.266/VVC PPS picture partition parser when processing crafted H.266/VVC media files. Detection typically involves identifying the presence of vulnerable versions of the gstreamer1-plugins-bad-free package or monitoring for crashes or abnormal behavior when processing such media files.

To detect if your system is vulnerable, you can check the installed version of GStreamer plugins and verify if it is older than version 1.28.3, which contains the fix.

  • Check the installed version of gstreamer1-plugins-bad-free (example for RPM-based systems): rpm -q gstreamer1-plugins-bad-free
  • On Debian-based systems, where the package is named gstreamer1.0-plugins-bad, check the package version: dpkg -l | grep gstreamer1.0-plugins-bad
  • Monitor application logs or system logs for crashes or segmentation faults related to GStreamer when processing H.266/VVC media files.
  • Use network monitoring tools to detect suspicious H.266/VVC media files being processed or transferred, as these could trigger the vulnerability.
