Is Integer Overflow affected by CVE-2026-2921?

CVE-2026-2921 is a high-severity vulnerability in GStreamer that could allow attackers to execute malicious code on systems processing AVI video files. This poses risk to organizations where users handle video content, particularly in media, design, and content management workflows.

CVE-2026-2921

EUVD-2026-12115 HIGH

2026-03-13 zdi

7.8

CVSS 3.0

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 13, 2026 - 21:01 euvd

EUVD-2026-12115

Analysis Generated

Mar 13, 2026 - 21:01 vuln.today

CVE Published

Mar 13, 2026 - 20:41 nvd

HIGH 7.8

Description

GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of palette data in AVI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28854.

Analysis

CVE-2026-2921 is an integer overflow vulnerability in GStreamer's RIFF palette handling for AVI files that allows remote code execution with a CVSS score of 7.8. The vulnerability affects all versions of GStreamer (based on CPE wildcard) and requires user interaction to exploit, such as opening a malicious AVI file. …

Remediation

Within 24 hours: Inventory systems running GStreamer and identify which departments/users regularly process AVI files. Within 7 days: Implement user awareness training on avoiding untrusted AVI files and disable GStreamer's AVI support where operationally feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +39

POC: 0

CVE-2026-2921 vulnerability details – vuln.today

Back

CVE-2026-2921

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-2921

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code