Description
A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sample rate, channel count, and extra codec data length from fixed offsets within the chunk without first checking that the chunk contains enough data. If a malicious file provides an MDPR chunk that is too small to contain a complete audio stream header, the parser reads beyond the end of the buffer. This can cause the application to crash. In some cases, bytes read past the buffer boundary may be incorporated into stream metadata, which could result in limited information disclosure.
Published: 2026-06-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds read occurs in the GStreamer RealMedia demuxer when parsing MDPR chunks for audio stream headers with versions 4 and 5. The parser reads fields from fixed offsets without verifying that the chunk contains sufficient data, allowing a malicious .rm file to cause the application to crash. In some cases, bytes read beyond the buffer can be incorporated into stream metadata, potentially exposing limited information. This flaw is identified as CWE‑125 and results in a high‑severity denial of service.

Affected Systems

The vulnerability affects Red Hat Enterprise Linux 7 through 10 where the gstreamer1-plugins-ugly-free (gst‑plugins‑ugly) package is installed. Exact package or kernel versions are not specified in the data, so any impacted RHEL release that includes this plugin set is at risk.

Risk and Exploitability

The CVSS score of 7.1 indicates a high impact, while the EPSS score of less than 1 % suggests that exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. Inference indicates that an attacker would need to supply a specially crafted .rm file to a GStreamer‑powered application, which could be local or, in some deployment scenarios, remote if the application retrieves media from untrusted sources. The failure to read input securely can lead to application termination and, potentially, the disclosure of restricted data.

Generated by OpenCVE AI on June 18, 2026 at 01:14 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Check for and apply Red Hat updates that address CVE‑2026‑53703
  • If the gstreamer‑plugins‑ugly package is not required, uninstall or disable it to eliminate the vulnerable code path
  • Restrict the ingestion of RealMedia (.rm) files by controlling user permissions or implementing input validation to prevent malicious files from being processed

Generated by OpenCVE AI on June 18, 2026 at 01:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Gstreamer
Gstreamer gstreamer
Vendors & Products Gstreamer
Gstreamer gstreamer

Tue, 16 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sample rate, channel count, and extra codec data length from fixed offsets within the chunk without first checking that the chunk contains enough data. If a malicious file provides an MDPR chunk that is too small to contain a complete audio stream header, the parser reads beyond the end of the buffer. This can cause the application to crash. In some cases, bytes read past the buffer boundary may be incorporated into stream metadata, which could result in limited information disclosure.
Title Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio stream header parser
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-125
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H'}


Subscriptions

Gstreamer Gstreamer
Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-16T15:05:41.467Z

Reserved: 2026-06-10T15:40:26.501Z

Link: CVE-2026-53703

cve-icon Vulnrichment

Updated: 2026-06-16T15:05:36.337Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-15T20:16:33.563

Modified: 2026-06-15T21:09:52.020

Link: CVE-2026-53703

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-12T00:00:00Z

Links: CVE-2026-53703 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:45:50Z

Weaknesses