Description
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.
Published: 2026-03-23
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via Out‑of‑Bounds Read
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises in GStreamer’s wavparse ADTL chunk parser, where a size validation check was added but fails to account for a rounding operation used in offset calculation. When the length field contains an odd number, the parser advances beyond the validated boundary, resulting in an out‑of‑bounds read that could expose data stored adjacent to the buffer. The flaw could lead to the disclosure of confidential information but does not provide control or denial‑of‑service capabilities.

Affected Systems

Red Hat Enterprise Linux ships the GStreamer library in its core repositories. Versions 6 through 10 contain the affected implementation. Systems running any of these distributions and relying on the bundled GStreamer binaries are susceptible until they receive the fully corrected package.

Risk and Exploitability

The CVSS base score of 5.1 places the issue in the medium severity range, and the current EPSS estimate is below 1 %. It is not recorded in the CISA Known Exploited Vulnerabilities catalogue, indicating no widespread or confirmed public exploitation. Based on the technical description, a likely attack vector would involve a remote attacker supplying a crafted WAV file to an application that parses media using GStreamer. The impact would be limited to information disclosure rather than code execution or denial of service, but monitoring for anomalous reads remains prudent.

Generated by OpenCVE AI on March 24, 2026 at 18:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the GStreamer package to the latest version provided by Red Hat that implements the complete fix for the ADTL chunk parsing logic.
  • Verify the installed package version using your distribution’s package manager (for example, rpm -q gstreamer) and ensure it matches the patched release.
  • If an update is not immediately available, isolate or disable any application components that process WAV files until the issue can be addressed.
  • Enable logging or monitoring for anomalous memory access patterns that could indicate an exploitation attempt.

Generated by OpenCVE AI on March 24, 2026 at 18:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 02:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Tue, 24 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
Description An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.
Title Gstreamer: incomplete fix of cve-2026-1940
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-24T13:43:53.427Z

Reserved: 2026-02-04T21:25:31.430Z

Link: CVE-2026-1940

cve-icon Vulnrichment

Updated: 2026-03-24T13:42:50.216Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-23T22:16:25.043

Modified: 2026-03-24T15:54:09.400

Link: CVE-2026-1940

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-25T00:00:00Z

Links: CVE-2026-1940 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:36:26Z

Weaknesses