Description
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.
Published: 2026-06-15
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

When a specially crafted WavPack audio file is processed by the GStreamer WavPack decoder, an integer overflow occurs during the calculation of the buffer size (4 * block_samples * channels). This results in a heap buffer allocation that is far too small, allowing the decoder to write decoded audio samples beyond the bounds of the allocated memory. The flaw can be exploited by a remote attacker to crash an application or potentially execute arbitrary code on a target system. The vulnerability is caused by an out‑of‑bounds write in C, classified as CWE‑190.

Affected Systems

The affected systems are Red Hat Enterprise Linux operating systems. Red Hat has identified RHEL 7, RHEL 8, RHEL 9, and RHEL 10 as impacted versions, all of which ship the GStreamer 1 plugins‑good package containing the vulnerable WavPack decoder. The issue applies to both 32‑bit and 64‑bit architectures because the vulnerable arithmetic is performed with 32‑bit integers before promotion to the allocation size type.

Risk and Exploitability

The CVSS score of 7.6 indicates a high severity, while the EPSS score of less than 1 % shows a relatively low expected exploitation rate at this time. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread, actively exploited incidents have been reported yet. The likely attack vector involves a remote attacker delivering a malicious WavPack (.wv) file and encouraging a user to open it in a media application that uses GStreamer. If the user opens the file, the application could crash or, in a higher‑impact scenario, arbitrary code execution could be achieved.

Generated by OpenCVE AI on June 18, 2026 at 03:31 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Apply the latest Red Hat security updates that contain the fixed GStreamer 1 plugins‑good package whenever an update becomes available.
  • Limit the use of GStreamer‑based media players to trusted files only; do not allow untrusted or internet‑originated audio files to be opened without user approval.
  • Run media playback processes in a confined or sandboxed environment to contain any potential heap corruption, and consider disabling WavPack decoding if your workflow does not require it.
  • No official workaround is available; the only remediation is applying vendor patches.

Generated by OpenCVE AI on June 18, 2026 at 03:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Gstreamer Project
Gstreamer Project gstreamer Plugin
Vendors & Products Gstreamer Project
Gstreamer Project gstreamer Plugin

Tue, 16 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Mon, 15 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.
Title Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer overflow
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-190
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}


Subscriptions

Gstreamer Project Gstreamer Plugin
Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-30T12:09:26.907Z

Reserved: 2026-06-10T15:40:26.501Z

Link: CVE-2026-53705

cve-icon Vulnrichment

Updated: 2026-06-30T03:18:41.542Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-15T20:16:33.820

Modified: 2026-06-15T21:09:52.020

Link: CVE-2026-53705

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-12T00:00:00Z

Links: CVE-2026-53705 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:45:55Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound