CVE-2026-53702— Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser
Possible ATT&CK Techniques 1AI
T1203 · Exploitation for Client ExecutionAffected Version Matrix 4
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | any | affected |
| Red Hat | Red Hat Enterprise Linux 7 | any | affected |
| Red Hat | Red Hat Enterprise Linux 8 | any | affected |
| Red Hat | Red Hat Enterprise Linux 9 | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-53702
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser
Source: NVD (National Vulnerability Database)
Vulnerability Description
A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpb_cnt_minus1[i] (the loop index) instead of the sub-layer 0 CPB count cpb_cnt_minus1[0] from the referenced Sequence Parameter Set. A crafted H.265 video file or stream can cause the parser to write beyond the bounds of stack-allocated CPB delay arrays, resulting in a crash or potential stack memory corruption.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
gst-plugins-bad 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
gst-plugins-bad是GStreamer开源的一个GStreamer插件。 gst-plugins-bad存在缓冲区错误漏洞,该漏洞源于H.265编解码器解析器库在解析缓冲期SEI消息时使用错误的循环边界,导致写入栈分配的CPB延迟数组边界之外,精心构造的H.265视频文件或流可能导致崩溃或栈内存损坏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
II. Public POCs for CVE-2026-53702
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-53702
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-53702 (2)
Same Patch Batch · Red Hat · 2026-06-11 · 5 CVEs total
| CVE-2026-11774 | 7.6 HIGH | 389-ds-base: 389-ds-base: integer overflow in sasl packet length bypasses size limit leadi |
| CVE-2026-53701 | 6.5 MEDIUM | Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture parti |
| CVE-2026-11850 | 5.0 MEDIUM | Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read |
| CVE-2026-11986 | 4.9 MEDIUM | Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk ro |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-12505
Cifs-utils: local privilege escalation via forged cifs.spneg - CVE-2026-4367
Libxpm: libxpm: denial of service via out-of-bounds read in - CVE-2026-10649
Pacemaker: pacemaker: denial of service via integer overflow - CVE-2026-42014
Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin - CVE-2026-1767
Localsearch: tracker-miners: gnome localsearch mp3 extractor
Same vendor: Red Hat
- CVE-2026-11791
389-ds-base: 389-ds-base: use-after-free in schema reload vi - CVE-2026-12505
Cifs-utils: local privilege escalation via forged cifs.spneg - CVE-2026-12515
Katello: missing repository authorization in content_uploads - CVE-2026-12528
389-ds-base: 389-ds-base: heap-buffer-overflows in __aclp__n - CVE-2026-12491
Vllm: vllm: image exif rotation & png trns transparency not
Same weakness: CWE-787
- CVE-2026-8461
Heap out-of-bounds write via odd slice_height in FFmpeg Magi - CVE-2026-2674
Out-of-bounds Write vulnerability in RTI Connext Professiona - CVE-2026-12528
389-ds-base: 389-ds-base: heap-buffer-overflows in __aclp__n - CVE-2026-10641
Out-of-bounds write in Bluetooth HFP Hands-Free CIND indicat - CVE-2026-39199
snes9x 1.63文件处理越界写入及拒绝服务漏洞
V. Comments for CVE-2026-53702
No comments yet