Description
A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash.
Published: 2026-06-15
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in GStreamer’s AV1 parser causes a byte/bit confusion when passing a byte count to a bit-reader API, leading to parser desynchronization and an assertion abort that crashes the application. An attacker can remotely deliver a specially crafted AV1 media file to trick a user into opening it, resulting in a denial of service for the affected application.

Affected Systems

Red Hat Enterprise Linux 6 through 10 are impacted by GStreamer 1.x packages in the gst-plugins-bad suite. Users running any of these distributions should verify whether the affected gstreamer library is present on their systems.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, while the EPSS score of less than 1 percent reflects a very low current exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a remote user tricking a victim into opening a malicious AV1 file; the absence of a practical workaround means exploitation would require the file to be processed by the vulnerable parser, leading to a crash.

Generated by OpenCVE AI on June 16, 2026 at 23:34 UTC.

Remediation

Vendor Workaround

Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability.

OpenCVE Recommended Actions

  • Apply the vendor-issued security update for GStreamer when it is released to address the byte/bit confusion flaw (CWE-617).
  • Limit or disable AV1 media playback from untrusted or unknown sources to prevent the vulnerable parser from processing malicious files, and enforce strict input validation to avoid bit parser errors (CWE-617).
  • Monitor system logs for unexpected assertion aborts or crashes related to media playback and investigate any suspicious activity promptly.

Generated by OpenCVE AI on June 16, 2026 at 23:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 16 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash.
Title Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byte/bit confusion
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-617
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-16T15:03:24.401Z

Reserved: 2026-06-08T11:07:26.008Z

Link: CVE-2026-52718

cve-icon Vulnrichment

Updated: 2026-06-16T15:03:19.532Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-15T20:16:32.317

Modified: 2026-06-15T21:09:52.020

Link: CVE-2026-52718

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-15T00:00:00Z

Links: CVE-2026-52718 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T23:45:14Z

Weaknesses