CVE-2026-53705— Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer overflow
Possible ATT&CK Techniques 1AI
T1203 · Exploitation for Client ExecutionAffected Version Matrix 4
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | any | affected |
| Red Hat | Red Hat Enterprise Linux 7 | any | affected |
| Red Hat | Red Hat Enterprise Linux 8 | any | affected |
| Red Hat | Red Hat Enterprise Linux 9 | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-53705
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数溢出或超界折返
Source: NVD (National Vulnerability Database)
Vulnerability Title
GStreamer gst-plugins-good 数字错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GStreamer gst-plugins-good是GStreamer组织的一个多媒体处理插件。 GStreamer gst-plugins-good存在数字错误漏洞,该漏洞源于GStreamer的WavPack音频解码器在gst_wavpack_dec_handle_frame()函数中缓冲区大小计算存在整数溢出,导致堆内存损坏,远程攻击者可通过诱使用户打开特制的WavPack音频文件导致应用程序崩溃或可能执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
II. Public POCs for CVE-2026-53705
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-53705
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-53705 (1)
Other References for CVE-2026-53705 (1)
Same Patch Batch · Red Hat · 2026-06-15 · 9 CVEs total
| CVE-2026-52720 | 8.8 HIGH | Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectan |
| CVE-2026-52722 | 7.1 HIGH | Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor pay |
| CVE-2026-53703 | 7.1 HIGH | Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio str |
| CVE-2026-53704 | 7.1 HIGH | Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo |
| CVE-2026-52719 | 7.1 HIGH | Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validat |
| CVE-2026-52718 | 6.5 MEDIUM | Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byt |
| CVE-2026-52721 | 5.3 MEDIUM | Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp |
| CVE-2026-44188 | 5.3 MEDIUM | Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-12505
Cifs-utils: local privilege escalation via forged cifs.spneg - CVE-2026-4367
Libxpm: libxpm: denial of service via out-of-bounds read in - CVE-2026-10649
Pacemaker: pacemaker: denial of service via integer overflow - CVE-2026-42014
Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin - CVE-2026-1767
Localsearch: tracker-miners: gnome localsearch mp3 extractor
Same vendor: Red Hat
- CVE-2026-12706
Ffmpeg: ffmpeg: heap use-after-free read in rasc decoder dec - CVE-2026-11791
389-ds-base: 389-ds-base: use-after-free in schema reload vi - CVE-2026-12505
Cifs-utils: local privilege escalation via forged cifs.spneg - CVE-2026-12515
Katello: missing repository authorization in content_uploads - CVE-2026-12528
389-ds-base: 389-ds-base: heap-buffer-overflows in __aclp__n
Same weakness: CWE-190
- CVE-2026-8805
Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series - CVE-2026-44663
OpenEXR: Integer overflow in the HTJ2K decoder leads to heap - CVE-2026-55203
HAProxy - Integer Overflow in FCGI Demux Record Length Field - CVE-2026-54417
Integer Overflow in rxi/microtar mtar_next() Causes Infinite - CVE-2026-10649
Pacemaker: pacemaker: denial of service via integer overflow
V. Comments for CVE-2026-53705
No comments yet