{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2921", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2026-02-20T22:26:53.743Z", "datePublished": "2026-03-13T20:41:50.780Z", "dateUpdated": "2026-03-16T15:41:06.206Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-03-13T20:41:50.780Z"}, "title": "GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the handling of palette data in AVI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28854."}], "affected": [{"vendor": "GStreamer", "product": "GStreamer", "versions": [{"version": "1c6e163aa33962f5ee4a87d29319ccdd5cb67612", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-168/", "name": "ZDI-26-168", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e3a99c35266fc92dd6a18ac5fde028d0cda559e6", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2026-02-20T22:26:53.782Z", "datePublic": "2026-03-06T21:21:19.344Z", "source": {"lang": "en", "value": "Anonymous"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2921", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-16T15:26:01.092634Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T15:41:06.206Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2921", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-16T15:26:01.092634Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T15:31:49.511Z"}}], "cna": {"title": "GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability", "source": {"lang": "en", "value": "Anonymous"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "GStreamer", "product": "GStreamer", "versions": [{"status": "affected", "version": "1c6e163aa33962f5ee4a87d29319ccdd5cb67612"}], "defaultStatus": "unknown"}], "datePublic": "2026-03-06T21:21:19.344Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-168/", "name": "ZDI-26-168", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e3a99c35266fc92dd6a18ac5fde028d0cda559e6", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2026-02-20T22:26:53.782Z", "descriptions": [{"lang": "en", "value": "GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the handling of palette data in AVI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28854."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-03-13T20:41:50.780Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2921", "state": "PUBLISHED", "dateUpdated": "2026-03-16T15:41:06.206Z", "dateReserved": "2026-02-20T22:26:53.743Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2026-03-13T20:41:50.780Z", "assignerShortName": "zdi"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the handling of palette data in AVI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28854."}], "id": "CVE-2026-2921", "lastModified": "2026-03-16T14:53:07.390", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2026-03-16T14:19:32.730", "references": [{"source": "zdi-disclosures@trendmicro.com", "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e3a99c35266fc92dd6a18ac5fde028d0cda559e6"}, {"source": "zdi-disclosures@trendmicro.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-168/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{"bugzilla": {"description": "GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling", "id": "2447496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447496"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow before writing to memory. An attacker can leverage this integer overflow to execute code in the context of the current process."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid processing untrusted AVI media files with applications that use the GStreamer library. Users should exercise caution when opening or playing AVI files from unknown or suspicious sources."}, "name": "CVE-2026-2921", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "gstreamer1", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gstreamer", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "gstreamer", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "gstreamer1", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "gstreamer1", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mingw-gstreamer1", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "gstreamer1", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-13T20:41:50Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2921\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2921\nhttps://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e3a99c35266fc92dd6a18ac5fde028d0cda559e6\nhttps://www.zerodayinitiative.com/advisories/ZDI-26-168/"], "statement": "This is an IMPORTANT vulnerability in GStreamer that allows arbitrary code execution. The flaw occurs due to an integer overflow when processing palette data in specially crafted AVI files. Exploitation requires a user to process a malicious AVI file with an application linked against the GStreamer library.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "1c6e163aa33962f5ee4a87d29319ccdd5cb67612"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "GStreamer", "source": "cna", "vendor": "GStreamer"}, "product": "gstreamer", "vendor": "gstreamer"}], "created": "2026-03-16T09:23:07.491845+00:00", "updated": "2026-03-16T09:23:07.491950+00:00", "vendors": ["gstreamer", "gstreamer$PRODUCT$gstreamer"]}