Description
An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causing downstream parsing to read beyond the provided input buffer, leading to a crash or potential information disclosure.
Published: 2026-06-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds read occurs in GStreamer's VA JPEG decoder within the gst‑plugins‑bad set. The decoder trusts the segment length field supplied by the JPEG stream without verifying that the declared length fits within the remaining data. A malicious image can therefore cause the decoder to read past the end of the buffer, potentially exposing resident memory contents to the attacker and triggering a crash.

Affected Systems

Red Hat Enterprise Linux distributions 6 through 10 include the vulnerable gst‑plugins‑bad package. Operators deploying any of these operating systems should verify that the GStreamer package with the buggy VA JPEG decoder is present, as any installation of that component is subject to exploitation.

Risk and Exploitability

The CVSS score of 7.1 reflects a high severity impact. The EPSS value of less than 1 % indicates that current exploitation probability is low, but the vulnerability is still present in deployed environments. It is not listed in CISA’s KEV catalog. An attacker needs to deliver a crafted JPEG to the target—typically by tricking a user into opening an infected image—implying a local or compromised media‑handling attack vector. No practical workaround is available from Red Hat; therefore the only effective mitigation is to apply the forthcoming Red Hat security update.

Generated by OpenCVE AI on June 18, 2026 at 01:15 UTC.

Remediation

Vendor Workaround

Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates if they become available.


OpenCVE Recommended Actions

  • Apply the latest Red Hat security update that addresses the VA JPEG decoder issue in GStreamer.
  • If the update is not yet available, consider disabling or removing the gst‑plugins‑bad package or otherwise preventing GStreamer from decoding JPEG images in applications that handle untrusted media.
  • Continuously monitor Red Hat advisories to deploy the fixed GStreamer version as soon as it becomes available.

Generated by OpenCVE AI on June 18, 2026 at 01:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6362-1 gst-plugins-bad1.0 security update
History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Gstreamer Project
Gstreamer Project gstreamer Plugin
Vendors & Products Gstreamer Project
Gstreamer Project gstreamer Plugin

Tue, 16 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causing downstream parsing to read beyond the provided input buffer, leading to a crash or potential information disclosure.
Title Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validation in va decoder
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-125
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H'}


Subscriptions

Gstreamer Project Gstreamer Plugin
Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-30T12:09:49.357Z

Reserved: 2026-06-08T11:07:26.008Z

Link: CVE-2026-52719

cve-icon Vulnrichment

Updated: 2026-06-30T03:16:42.608Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-15T20:16:32.447

Modified: 2026-06-15T21:09:52.020

Link: CVE-2026-52719

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-15T00:00:00Z

Links: CVE-2026-52719 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:45:57Z

Weaknesses