CVE-2026-53702

Received Received - Intake

Stack Buffer Overflow in GStreamer H.265 Codec Parser

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: Red Hat, Inc.

Description

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpb_cnt_minus1[i] (the loop index) instead of the sub-layer 0 CPB count cpb_cnt_minus1[0] from the referenced Sequence Parameter Set. A crafted H.265 video file or stream can cause the parser to write beyond the bounds of stack-allocated CPB delay arrays, resulting in a crash or potential stack memory corruption.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-11

Last Modified

2026-06-11

Generated

2026-06-11

EPSS Evaluated

N/A

NVD

CVE-2026-53702

EUVD

EUVD-2026-36295

Affected Vendors & Products

Vendor	Product	Version / Range
gnome	gstreamer	From 1.28.3 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-787	The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions have not been generated yet.

Hi! I’m here to help you understand CVE-2026-53702. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-53702

Stack Buffer Overflow in GStreamer H.265 Codec Parser

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart