CVE-2026-53705
Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: Red Hat, Inc.

Description
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.
Meta Information
Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-16
AI Q&A: 2026-06-15
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
gstreamer gst-plugins-good to 1.28.4 (exc)
gstreamer gst-plugins-good *
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Executive Summary

This vulnerability is a heap buffer overflow in the GStreamer WavPack audio decoder, specifically in the gst_wavpack_dec_handle_frame() function. It occurs due to an integer overflow in the calculation of the buffer size needed to store decoded audio samples. The calculation uses 32-bit arithmetic which can wrap around, causing the program to allocate a much smaller buffer than required.

When processing a specially crafted WavPack audio file, this overflow leads to the WavPack library writing decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption.

This flaw affects both 32-bit and 64-bit systems and can be exploited remotely by convincing a user to open a malicious WavPack file, potentially causing application crashes or arbitrary code execution.

Impact Analysis

This vulnerability allows a remote attacker to crash applications that use the vulnerable GStreamer WavPack decoder or potentially execute arbitrary code on your system.

If you open a maliciously crafted WavPack audio file, the attacker could exploit the integer overflow to cause heap memory corruption, which may lead to denial of service or compromise of your system's security.

Detection Guidance

This vulnerability involves a heap buffer overflow triggered by processing a specially crafted WavPack audio file in GStreamer's WavPack decoder. Detection would involve identifying attempts to open or process suspicious or malformed WavPack files that could exploit this flaw.

Since the vulnerability is triggered by a crafted WavPack file, monitoring for unusual or unexpected WavPack file processing or scanning files for abnormal block_samples values (such as very large values like 0x20000001) could help detect exploitation attempts.

No specific detection commands or signatures are provided in the available resources.
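
The size arithmetic described above, next to a checked form that rejects header values whose byte count would wrap, as an added example that is not code from GStreamer or from this advisory. The function names are hypothetical, the channel count of 2 is an assumed input, and the 32-bit limit is this example's policy, not the upstream fix.

```c
/* Added illustration: function names are hypothetical, not GStreamer code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flawed pattern: the product is formed in 32 bits, then widened.
 * uint32_t keeps the wrap well defined for this demonstration. */
static size_t unchecked_size(uint32_t block_samples, uint32_t channels)
{
    uint32_t bytes = 4u * block_samples * channels; /* wraps modulo 2^32 */
    return (size_t)bytes;
}

/* Checked form: widen before multiplying and refuse any header pair whose
 * byte count does not fit in 32 bits (assumed policy for this example). */
static bool checked_size(uint32_t block_samples, uint32_t channels, size_t *out)
{
    uint64_t samples = (uint64_t)block_samples * channels; /* cannot overflow */
    if (samples > UINT32_MAX / 4u)
        return false; /* 4 * samples would wrap in 32-bit arithmetic */
    *out = (size_t)(samples * 4u);
    return true;
}

int main(void)
{
    /* Constructed inputs: 0x20000001 is the value named in the advisory,
     * 2 channels is assumed; 4096 x 2 stands in for an ordinary block. */
    const uint32_t cases[][2] = { { 0x20000001u, 2u }, { 4096u, 2u } };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t need = 0;
        bool ok = checked_size(cases[i][0], cases[i][1], &need);
        printf("block_samples=0x%08x channels=%u unchecked=%zu checked=%s",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               unchecked_size(cases[i][0], cases[i][1]), ok ? "" : "rejected\n");
        if (ok)
            printf("%zu\n", need);
    }
    return 0;
}
```

The same comparison can serve as a file-triage check: any block whose block_samples and channel count fail `checked_size` would have produced an undersized allocation in the 32-bit calculation.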

Mitigation Strategies

Immediate mitigation steps include avoiding opening or processing untrusted or suspicious WavPack audio files with vulnerable versions of GStreamer (prior to 1.28.4).

Applying the upcoming patch or upgrading to GStreamer version 1.28.4 or later, where the fix for this vulnerability is included, is recommended once available.

Additionally, restricting user interaction with untrusted media files and employing application-level sandboxing or privilege restrictions can reduce the risk of exploitation.
