CVE-2026-53703— Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio stream header parser
Affected Version Matrix 4
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | any | affected |
| Red Hat | Red Hat Enterprise Linux 7 | any | affected |
| Red Hat | Red Hat Enterprise Linux 8 | any | affected |
| Red Hat | Red Hat Enterprise Linux 9 | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-53703
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio stream header parser
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sample rate, channel count, and extra codec data length from fixed offsets within the chunk without first checking that the chunk contains enough data. If a malicious file provides an MDPR chunk that is too small to contain a complete audio stream header, the parser reads beyond the end of the buffer. This can cause the application to crash. In some cases, bytes read past the buffer boundary may be incorporated into stream metadata, which could result in limited information disclosure.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Vulnerability Title
GStreamer RealMedia demuxer 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
RealMedia demuxer是GStreamer组织的一个核心组件。 GStreamer RealMedia demuxer存在缓冲区错误漏洞,该漏洞源于在解析RealMedia文件时,未检查MDPR块中是否包含足够的数据,可能导致缓冲区越界读取,造成应用程序崩溃,甚至将越界字节合并到流元数据中,导致有限的信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
II. Public POCs for CVE-2026-53703
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-53703
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-53703 (1)
Other References for CVE-2026-53703 (1)
Same Patch Batch · Red Hat · 2026-06-15 · 9 CVEs total
| CVE-2026-52720 | 8.8 HIGH | Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectan |
| CVE-2026-53705 | 7.6 HIGH | Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer ov |
| CVE-2026-52722 | 7.1 HIGH | Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor pay |
| CVE-2026-53704 | 7.1 HIGH | Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo |
| CVE-2026-52719 | 7.1 HIGH | Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validat |
| CVE-2026-52718 | 6.5 MEDIUM | Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byt |
| CVE-2026-52721 | 5.3 MEDIUM | Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp |
| CVE-2026-44188 | 5.3 MEDIUM | Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-56211
Libaom: libaom: remote code execution via svc layer context - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-56209
Libaom: libaom: arbitrary address write via svc layer contex - CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa - CVE-2026-12505
Cifs-utils: local privilege escalation via forged cifs.spneg
Same vendor: Red Hat
- CVE-2026-12726
Awx: automation-controller: awx: github webhook second-order - CVE-2026-56211
Libaom: libaom: remote code execution via svc layer context - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa - CVE-2026-56209
Libaom: libaom: arbitrary address write via svc layer contex
Same weakness: CWE-125
- CVE-2026-9265
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits - CVE-2026-49271
libheif: Wrapped icef compressed-unit range check causes out - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-48138
Out-of-bounds read vulnerability in the NI grpc-device strea - CVE-2025-15661
libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c
V. Comments for CVE-2026-53703
No comments yet