Description
An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causing downstream parsing to read beyond the provided input buffer, leading to a crash or potential information disclosure.
Published: 2026-06-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds read occurs in the VA JPEG decoder component of GStreamer’s gst‑plugins‑bad. The parser accepts a segment length field from the JPEG stream without ensuring that the declared length fits within the remaining input, which allows a maliciously crafted JPEG file to force the decoder to read past the end of the supplied buffer. This can cause the application to crash or expose memory contents to the attacker, a behavior classified as CWE‑125 and representing an information disclosure vulnerability that can be triggered by local execution of a compromised image.

Affected Systems

The vulnerability impacts the GStreamer gst‑plugins‑bad package bundled with Red Hat Enterprise Linux versions 6 through 10. The CNA advisory lists these operating systems as affected; no specific product or version qualifiers are supplied beyond the distro level, indicating that any installation of the gst‑plugins‑bad plugin set containing the vulnerable VA JPEG decoder is potentially exposed.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity level, while the EPSS value of less than 1% suggests that exploitation is currently unlikely but still possible. The vulnerability is not cataloged in CISA’s KEV list. An attacker would need to deliver the crafted JPEG to the target user, implying the attack vector is local or compromised media handling. No practical workaround is available from Red Hat; therefore the prescribed mitigation is to apply the forthcoming security update or otherwise prevent use of the vulnerable decoder.

Generated by OpenCVE AI on June 16, 2026 at 22:45 UTC.

Remediation

Vendor Workaround

Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates if they become available.

OpenCVE Recommended Actions

  • Apply the latest Red Hat security update that fixes the VA JPEG decoder issue in GStreamer.
  • If the update is not yet available, disable or remove the gst‑plugins‑bad package or otherwise prevent JPEG decoding via GStreamer in sensitive applications.
  • Monitor Red Hat advisories and update GStreamer to the fixed version as soon as it becomes available.

Generated by OpenCVE AI on June 16, 2026 at 22:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 16 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causing downstream parsing to read beyond the provided input buffer, leading to a crash or potential information disclosure.
Title Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validation in va decoder
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-125
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H'}

Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-16T13:09:29.019Z

Reserved: 2026-06-08T11:07:26.008Z

Link: CVE-2026-52719

cve-icon Vulnrichment

Updated: 2026-06-16T13:09:25.373Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-15T20:16:32.447

Modified: 2026-06-15T21:09:52.020

Link: CVE-2026-52719

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-15T00:00:00Z

Links: CVE-2026-52719 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T23:00:06Z

Weaknesses