{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2920", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2026-02-20T22:26:46.339Z", "datePublished": "2026-03-13T20:38:27.802Z", "dateUpdated": "2026-03-16T20:23:57.712Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-03-13T20:38:27.802Z"}, "title": "GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the processing of stream headers within ASF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28843."}], "affected": [{"vendor": "GStreamer", "product": "GStreamer", "versions": [{"version": "1c6e163aa33962f5ee4a87d29319ccdd5cb67612", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-164/", "name": "ZDI-26-164", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2026-02-20T22:26:46.412Z", "datePublic": "2026-03-06T21:20:58.769Z", "source": {"lang": "en", "value": "Anonymous"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T20:23:45.493748Z", "id": "CVE-2026-2920", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T20:23:57.712Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2920", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-16T20:23:45.493748Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T20:23:53.849Z"}}], "cna": {"title": "GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability", "source": {"lang": "en", "value": "Anonymous"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "GStreamer", "product": "GStreamer", "versions": [{"status": "affected", "version": "1c6e163aa33962f5ee4a87d29319ccdd5cb67612"}], "defaultStatus": "unknown"}], "datePublic": "2026-03-06T21:20:58.769Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-164/", "name": "ZDI-26-164", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2026-02-20T22:26:46.412Z", "descriptions": [{"lang": "en", "value": "GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the processing of stream headers within ASF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28843."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-03-13T20:38:27.802Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2920", "state": "PUBLISHED", "dateUpdated": "2026-03-16T20:23:57.712Z", "dateReserved": "2026-02-20T22:26:46.339Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2026-03-13T20:38:27.802Z", "assignerShortName": "zdi"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the processing of stream headers within ASF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28843."}], "id": "CVE-2026-2920", "lastModified": "2026-03-16T14:53:07.390", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2026-03-16T14:19:31.637", "references": [{"source": "zdi-disclosures@trendmicro.com", "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3"}, {"source": "zdi-disclosures@trendmicro.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-164/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{"bugzilla": {"description": "GStreamer: GStreamer: Arbitrary code execution via ASF file processing", "id": "2447490", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447490"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-120", "details": ["A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the ASF Demuxer component allows a remote attacker to execute arbitrary code. The issue arises from insufficient validation of user-supplied data length when processing stream headers within ASF (Advanced Systems Format) files, leading to data being copied to a fixed-length heap-based buffer without proper bounds checking. Successful exploitation can result in arbitrary code execution in the context of the current process."], "mitigation": {"lang": "en:us", "value": "Avoid processing untrusted ASF (Advanced Systems Format) media files. This vulnerability in the GStreamer ASF Demuxer requires user interaction, such as opening a malicious ASF file, to trigger the heap-based buffer overflow. Limiting exposure to untrusted media content can reduce the attack surface."}, "name": "CVE-2026-2920", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "gstreamer1", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "gstreamer", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "gstreamer", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "gstreamer1", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "gstreamer1", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mingw-gstreamer1", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "gstreamer1", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-13T20:38:27Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2920\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2920\nhttps://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3\nhttps://www.zerodayinitiative.com/advisories/ZDI-26-164/"], "statement": "This is an IMPORTANT heap-based buffer overflow vulnerability in the GStreamer ASF Demuxer. The flaw allows remote code execution when processing specially crafted ASF files due to improper validation of stream header lengths. Red Hat products utilizing GStreamer for multimedia processing are affected if they handle untrusted ASF content.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "1c6e163aa33962f5ee4a87d29319ccdd5cb67612"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "GStreamer", "source": "cna", "vendor": "GStreamer"}, "product": "gstreamer", "vendor": "gstreamer"}], "created": "2026-03-16T09:23:37.435341+00:00", "updated": "2026-03-16T09:23:37.435414+00:00", "vendors": ["gstreamer", "gstreamer$PRODUCT$gstreamer"]}