CVE-2026-52718— Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byte/bit confusion
Possible ATT&CK Techniques 1AI
T1499 · Endpoint Denial of ServiceAffected Version Matrix 6
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | any | affected |
| Red Hat | Red Hat Enterprise Linux 6 | any | unknown |
| Red Hat | Red Hat Enterprise Linux 7 | any | affected |
any | affected | ||
| Red Hat | Red Hat Enterprise Linux 8 | any | affected |
| Red Hat | Red Hat Enterprise Linux 9 | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-52718
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byte/bit confusion
Source: NVD (National Vulnerability Database)
Vulnerability Description
A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
可达断言
Source: NVD (National Vulnerability Database)
Vulnerability Title
GStreamer 异常处理不当漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GStreamer是GStreamer组织开源的一套用于处理流媒体的框架。 GStreamer存在异常处理不当漏洞,该漏洞源于gst-plugins-bad中的AV1 codec解析器中gst_av1_parser_parse_tile_list_obu()函数将字节计数传递给期望位计数的位读取器API,导致解析器失步,远程攻击者可能诱骗用户打开特制的AV1媒体文件,触发断言异常,导致应用程序崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
II. Public POCs for CVE-2026-52718
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-52718
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-52718 (1)
Vendor Advisories for CVE-2026-52718 (2)
Same Patch Batch · Red Hat · 2026-06-15 · 9 CVEs total
| CVE-2026-52720 | 8.8 HIGH | Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectan |
| CVE-2026-53705 | 7.6 HIGH | Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer ov |
| CVE-2026-52722 | 7.1 HIGH | Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor pay |
| CVE-2026-53703 | 7.1 HIGH | Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio str |
| CVE-2026-53704 | 7.1 HIGH | Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo |
| CVE-2026-52719 | 7.1 HIGH | Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validat |
| CVE-2026-52721 | 5.3 MEDIUM | Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp |
| CVE-2026-44188 | 5.3 MEDIUM | Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-56211
Libaom: libaom: remote code execution via svc layer context - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa - CVE-2026-56209
Libaom: libaom: arbitrary address write via svc layer contex - CVE-2026-12505
Cifs-utils: local privilege escalation via forged cifs.spneg
Same vendor: Red Hat
- CVE-2026-12726
Awx: automation-controller: awx: github webhook second-order - CVE-2026-56211
Libaom: libaom: remote code execution via svc layer context - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa - CVE-2026-56209
Libaom: libaom: arbitrary address write via svc layer contex
V. Comments for CVE-2026-52718
No comments yet