Description
A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using re_skip_pascal_string() without validating that offsets remain within the mapped buffer. Additionally, the element count controlling the parsing loop is read from attacker-controlled data without validation, which can cause an infinite loop. A crafted RealMedia file can cause the application to crash, hang, or potentially read limited adjacent memory contents.
Published: 2026-06-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

GStreamer’s RealMedia demuxer in the gst-plugins‑ugly package fails to validate offsets when parsing FILEINFO metadata, and it reads the loop‑count value directly from attacker‑controlled data. A crafted RealMedia file can cause the demuxer to read beyond the end of the buffer, potentially leaking limited adjacent memory contents and triggering an infinite loop that leads to an application crash or hang. The vulnerability is a classic out‑of‑bounds read (CWE‑125) and can compromise application availability and confidentiality.

Affected Systems

The issue affects Red Hat Enterprise Linux 7, 8, 9, and 10 systems that include the gstreamer‑plugins‑ugly package (gst‑plugins‑ugly). Any installation that uses GStreamer to process RealMedia files is impacted.

Risk and Exploitability

The CVSS score of 7.1 indicates moderate‑to‑high severity, while the EPSS score of less than 1% suggests that the probability of exploitation is very low at present. The flaw is not listed in CISA’s Known Exploited Vulnerabilities catalog, reinforcing the low likelihood of a widespread exploit. The likely attack vector requires an attacker to supply a specially crafted RealMedia file, which could be delivered via email, an infected website, or a local file that the application processes.

Generated by OpenCVE AI on June 18, 2026 at 01:13 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Monitor and apply Red Hat security updates for the gstreamer‑plugins‑ugly package as soon as they become available.
  • If the application does not require RealMedia support, uninstall or disable the gst‑plugins‑ugly package to remove the vulnerable demuxer.
  • Restrict processing of RealMedia files to trusted or signed sources, and consider applying application‑level controls to validate file type before handling.

Generated by OpenCVE AI on June 18, 2026 at 01:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Gstreamer Project
Gstreamer Project gstreamer Plugin
Vendors & Products Gstreamer Project
Gstreamer Project gstreamer Plugin

Tue, 16 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using re_skip_pascal_string() without validating that offsets remain within the mapped buffer. Additionally, the element count controlling the parsing loop is read from attacker-controlled data without validation, which can cause an infinite loop. A crafted RealMedia file can cause the application to crash, hang, or potentially read limited adjacent memory contents.
Title Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo metadata parser
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-125
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H'}


Subscriptions

Gstreamer Project Gstreamer Plugin
Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-16T12:46:54.882Z

Reserved: 2026-06-10T15:40:26.501Z

Link: CVE-2026-53704

cve-icon Vulnrichment

Updated: 2026-06-16T12:46:51.144Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-15T20:16:33.697

Modified: 2026-06-15T21:09:52.020

Link: CVE-2026-53704

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-12T00:00:00Z

Links: CVE-2026-53704 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:45:48Z

Weaknesses