CVE-2026-53702
Awaiting Analysis Awaiting Analysis - Queue

Stack Buffer Overflow in GStreamer H.265 Codec Parser

Vulnerability report for CVE-2026-53702, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: Red Hat, Inc.

Description

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpb_cnt_minus1[i] (the loop index) instead of the sub-layer 0 CPB count cpb_cnt_minus1[0] from the referenced Sequence Parameter Set. A crafted H.265 video file or stream can cause the parser to write beyond the bounds of stack-allocated CPB delay arrays, resulting in a crash or potential stack memory corruption.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-11
Last Modified
2026-06-11
Generated
2026-07-02
AI Q&A
2026-06-12
EPSS Evaluated
2026-06-30
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
gnome gstreamer From 1.28.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a stack buffer overflow in the GStreamer H.265 codec parser library, specifically in the buffering period SEI message parser. The parser incorrectly uses a loop bound derived from cpb_cnt_minus1[i] instead of cpb_cnt_minus1[0], which causes it to write beyond the allocated stack memory for CPB delay arrays.

A crafted H.265 video file or stream can exploit this flaw to cause the parser to overwrite memory beyond its intended bounds, potentially leading to a crash or memory corruption.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability affects the gstreamer1-plugins-bad-free package in GStreamer, specifically in the H.265 buffering period SEI parser. Detection involves verifying the version of the GStreamer package installed on your system.

To detect if your system is vulnerable, check the installed version of the gstreamer1-plugins-bad-free package. Versions prior to 1.28.3 are affected.

  • On a Linux system using rpm-based package management (e.g., Red Hat, CentOS, Fedora), run: rpm -q gstreamer1-plugins-bad-free
  • On a Debian-based system (e.g., Ubuntu), run: dpkg -l | grep gstreamer1-plugins-bad-free

If the installed version is older than 1.28.3, your system is vulnerable. Updating to version 1.28.3 or later will fix the issue.

There are no specific network detection commands or signatures provided for detecting exploitation attempts of this vulnerability in network traffic.

Impact Analysis

Exploitation of this vulnerability can cause the GStreamer H.265 parser to crash or experience stack memory corruption. This can lead to denial of service (application crashes) or potentially allow an attacker to execute arbitrary code or cause unpredictable behavior in the affected application.

Mitigation Strategies

To mitigate this vulnerability, you should update the GStreamer package gstreamer1-plugins-bad-free to version 1.28.3 or later, where the issue has been fixed.

The fix addresses the stack buffer overflow in the H.265 buffering period SEI parser by correcting the loop bound usage in the gst_h265_parser_parse_buffering_period() function.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53702. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart