CVE-2026-53701

Received Received - Intake

Out-of-Bounds Write in GStreamer H.266/VVC PPS Parser

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: Red Hat, Inc.

Description

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gst_h266_parser_parse_picture_partition() (gsth266parser.c), the loop iterates without checking that the slice index stays within bounds, writing past three fixed-size arrays (slice_height_in_ctus, slice_top_left_ctu_x, slice_top_left_ctu_y) in the GstH266PPS structure. While the initial proof-of-concept demonstrated a 4-byte out-of-bounds write, the code permits larger writes across multiple iterations. A crafted H.266/VVC media file can trigger this vulnerability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-11

Last Modified

2026-06-11

Generated

2026-06-11

EPSS Evaluated

N/A

NVD

CVE-2026-53701

EUVD

EUVD-2026-36294

Affected Vendors & Products

Vendor	Product	Version / Range
gstreamer	gstreamer1-plugins-bad	to 1.28.3 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-787	The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions have not been generated yet.

Hi! I’m here to help you understand CVE-2026-53701. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-53701

Out-of-Bounds Write in GStreamer H.266/VVC PPS Parser

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart