CVE-2026-53702 - Vulnerability Details

- Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser

Description

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpb_cnt_minus1[i] (the loop index) instead of the sub-layer 0 CPB count cpb_cnt_minus1[0] from the referenced Sequence Parameter Set. A crafted H.265 video file or stream can cause the parser to write beyond the bounds of stack-allocated CPB delay arrays, resulting in a crash or potential stack memory corruption.

Published: 2026-06-11

Score: 6.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A stack buffer overflow flaw exists in the GStreamer H.265 codec parser library (gst-plugins-bad). When processing a buffering period SEI message, the parser incorrectly uses a loop bound derived from cpb_cnt_minus1[i] instead of the intended sub‑layer 0 CPB count cpb_cnt_minus1[0] from the referenced Sequence Parameter Set. This mismatch allows a crafted H.265 video file or stream to write beyond the bounds of stack‑allocated CPB delay arrays, causing a crash or potentially corrupting stack memory, which could lead to arbitrary code execution.

Affected Systems

The vulnerability affects Red Hat Enterprise Linux 10, 7, 8, and 9, where the gstreamer1-plugins-bad-free package is installed. Specific version information is not provided, so all installed instances of this package on the mentioned RHEL releases are potentially impacted.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is an attacker supplying a malicious H.265 media stream or file to an application that uses GStreamer with the gst-plugins-bad package on a vulnerable RHEL system. Exploitation would require local or remote access to trigger the parser, and successful exploitation could result in stack memory corruption and code execution.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor	Product	Default status	Versions
Red Hat	Red Hat Enterprise Linux 10	unknown	—
Red Hat	Red Hat Enterprise Linux 7	unknown	—
Red Hat	Red Hat Enterprise Linux 8	unknown	—
Red Hat	Red Hat Enterprise Linux 9	unknown	—

No data.

No data available yet.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

OpenCVE Recommended Actions

Register with the Red Hat Security team for updates and monitor for the release of an official patch or fix.
If the system does not require H.265 support, uninstall or disable the gst-plugins-bad package or block the loading of the offending library modules.
Apply restrictions on media ingestion or input sources so that untrusted video data cannot reach the vulnerable decoder, such as by sanitizing URLs, using application sandboxing, or configuring network firewalls to block unsolicited media streams.

Generated by OpenCVE AI on June 11, 2026 at 22:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2026-53702
https://bugzilla.redhat.com/show_bug.cgi?id=2487612

History

Thu, 11 Jun 2026 19:00:00 +0000

Type	Values Removed	Values Added
Description		A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpb_cnt_minus1[i] (the loop index) instead of the sub-layer 0 CPB count cpb_cnt_minus1[0] from the referenced Sequence Parameter Set. A crafted H.265 video file or stream can cause the parser to write beyond the bounds of stack-allocated CPB delay arrays, resulting in a crash or potential stack memory corruption.
Title		Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-787
CPEs		cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2026-53702 https://bugzilla.redhat.com/show_bug.cgi?id=2487612
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Subscriptions

Redhat Enterprise Linux

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-06-11T18:15:38.857Z

Updated: 2026-06-11T18:15:38.857Z

Reserved: 2026-06-10T15:40:26.501Z

Link: CVE-2026-53702

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-06-11T19:16:48.047

Modified: 2026-06-11T20:56:29.653

Link: CVE-2026-53702

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T22:30:09Z

Weaknesses

CWE-787
Out-of-bounds Write

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object