Impact
An out‑of‑bounds read occurs in GStreamer's VA JPEG decoder within the gst‑plugins‑bad set. The decoder trusts the segment length field supplied by the JPEG stream without verifying that the declared length fits within the remaining data. A malicious image can therefore cause the decoder to read past the end of the buffer, potentially exposing resident memory contents to the attacker and triggering a crash.
Affected Systems
Red Hat Enterprise Linux distributions 6 through 10 include the vulnerable gst‑plugins‑bad package. Operators deploying any of these operating systems should verify that the GStreamer package with the buggy VA JPEG decoder is present, as any installation of that component is subject to exploitation.
Risk and Exploitability
The CVSS score of 7.1 reflects a high severity impact. The EPSS value of less than 1 % indicates that current exploitation probability is low, but the vulnerability is still present in deployed environments. It is not listed in CISA’s KEV catalog. An attacker needs to deliver a crafted JPEG to the target—typically by tricking a user into opening an infected image—implying a local or compromised media‑handling attack vector. No practical workaround is available from Red Hat; therefore the only effective mitigation is to apply the forthcoming Red Hat security update.
OpenCVE Enrichment
Debian DSA