Impact
The vulnerability arises from out-of-bounds reads in GStreamer’s pcapparse element when it processes malformed PCAP records during IPv4/TCP header parsing. This flaw, identified as CWE‑125, can lead to accidental disclosure of memory contents or a program crash. The element is mainly used in debugging pipelines, which limits the typical exposure but still poses a risk if a local attacker can supply a crafted PCAP file to a victim’s system.
Affected Systems
Red Hat Enterprise Linux 10, 6, 7, 8, and 9 are affected through the GStreamer gstreamer1‑plugins‑bad‑free package that contains the vulnerable pcapparse element. Any system running one of these RHEL releases with the default GStreamer debugging components is susceptible.
Risk and Exploitability
The CVSS score of 5.3 indicates a moderate risk, and the EPSS score of < 1 % suggests a very low likelihood of exploitation. Because the flaw requires a local attacker to compel a user to load a specially crafted PCAP file, the attack vector is likely local and relies on user interaction. The vulnerability is not listed in the CISA KEV catalog, further indicating a lower exploit probability in the wild. The vendor has stated no practical temporary workaround is available, so the only mitigation is applying the patch.
OpenCVE Enrichment