Skip to main content

GStreamer EUVDEUVD-2026-36805

| CVE-2026-52718 MEDIUM
Reachable Assertion (CWE-617)
2026-06-15 redhat GHSA-4cjw-rphc-c5v6
6.5
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
vuln.today AI
6.5 MEDIUM

Network-delivered file triggers crash with no privileges; user must actively open the file (UI:R); impact is availability-only process crash.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 15, 2026 - 19:57 vuln.today
CVE Published
Jun 15, 2026 - 19:15 cve.org
MEDIUM 6.5

DescriptionCVE.org

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash.

AnalysisAI

Denial of service in GStreamer's AV1 codec parser (gst-plugins-bad) allows a remote unauthenticated attacker to crash any application using GStreamer for AV1 media playback by delivering a specially crafted AV1 file. The root cause is a unit mismatch in the gst_av1_parser_parse_tile_list_obu() function, which feeds a byte count to an API expecting a bit count, desynchronizing the parser and triggering an assertion abort. No public exploit has been identified at time of analysis, and exploitation requires user interaction; however, the vulnerability affects Red Hat Enterprise Linux 6 through 10 where GStreamer is a core multimedia component.

Technical ContextAI

GStreamer is an open-source multimedia framework; gst-plugins-bad is the plugin collection containing the AV1 bitstream parser. The affected function gst_av1_parser_parse_tile_list_obu() processes Tile List OBU (Open Bitstream Unit) structures defined by the AV1 specification. The bug is a classic unit-confusion error: the function passes a value representing bytes to an internal bit-reader API that expects the operand in bits (off by a factor of 8). This desynchronizes the parser's position tracking, causing a subsequent assertion check to fire and abort the process. CWE-617 (Reachable Assertion) captures the root cause class - an internal consistency check that an external input can drive to failure, effectively turning a defensive assertion into an attacker-controlled crash vector. CPE data confirms the affected surface as Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, all of which ship GStreamer with the gst-plugins-bad package providing AV1 decoding capability.

RemediationAI

No vendor-released patch with an exact fix version has been identified in the available data. Red Hat has acknowledged the issue via their security advisory at https://access.redhat.com/security/cve/CVE-2026-52718 and Bugzilla entry https://bugzilla.redhat.com/show_bug.cgi?id=2486328; monitor these for patch availability and apply vendor-issued updates as soon as they are released. The upstream fix is tracked at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5103 - a patched release version has not been independently confirmed from available data. As a compensating control, organizations can disable or restrict AV1 hardware/software codec support in GStreamer by removing or blocking the gst-plugins-bad package where AV1 decoding is non-essential; this eliminates the attack surface entirely but will break AV1 playback. Alternatively, restrict processing of AV1 media files to trusted sources using content filtering at email gateways and web proxies. On RHEL systems with SELinux enforcing, crash impact is already contained to the affected process; verify SELinux policy is in enforcing mode as a defense-in-depth measure.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5674 HIGH
8.8 Jul 16

Sandbox escape in PipeWire's PulseAudio compatibility layer lets a low-privileged process inside a confined environment

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Affected

Share

EUVD-2026-36805 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy