{
  "threat_severity" : "Important",
  "public_date" : "2026-03-13T20:38:27Z",
  "bugzilla" : {
    "description" : "GStreamer: Arbitrary code execution via ASF file processing",
    "id" : "2447490",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2447490"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-120",
  "details" : [ "GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\nThe specific flaw exists within the processing of stream headers within ASF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28843.", "A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the ASF Demuxer component allows a remote attacker to execute arbitrary code. The issue arises from insufficient validation of user-supplied data length when processing stream headers within ASF (Advanced Systems Format) files, leading to data being copied to a fixed-length heap-based buffer without proper bounds checking. Successful exploitation can result in arbitrary code execution in the context of the current process." ],
  "statement" : "This is an IMPORTANT heap-based buffer overflow vulnerability in the GStreamer ASF Demuxer. The flaw allows arbitrary code execution in the context of the process that parses a specially crafted ASF file, due to improper validation of stream header lengths before data is copied into a fixed-length heap buffer. Although the upstream (ZDI) description refers to remote attackers, the CVSS vector (AV:L/PR:N/UI:R) reflects that the crafted file must be delivered to the target system and processed there, typically by a user opening it in a GStreamer-based application; it is not an unauthenticated attack against a network-listening service. Red Hat products utilizing GStreamer for multimedia processing are affected if they handle untrusted ASF content.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-03-31T00:00:00Z",
    "advisory" : "RHSA-2026:6259",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "gstreamer1-plugins-bad-free-0:1.24.11-3.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-03-31T00:00:00Z",
    "advisory" : "RHSA-2026:6259",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "gstreamer1-plugins-base-0:1.24.11-2.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-03-31T00:00:00Z",
    "advisory" : "RHSA-2026:6259",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "gstreamer1-plugins-good-0:1.24.11-2.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-03-31T00:00:00Z",
    "advisory" : "RHSA-2026:6259",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "gstreamer1-plugins-ugly-free-0:1.24.11-2.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-04-20T00:00:00Z",
    "advisory" : "RHSA-2026:8854",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "gstreamer1-plugins-bad-free-0:1.24.11-3.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-04-20T00:00:00Z",
    "advisory" : "RHSA-2026:8854",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "gstreamer1-plugins-base-0:1.24.11-1.el10_0.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-04-20T00:00:00Z",
    "advisory" : "RHSA-2026:8854",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "gstreamer1-plugins-good-0:1.24.11-1.el10_0.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-04-20T00:00:00Z",
    "advisory" : "RHSA-2026:8854",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "gstreamer1-plugins-ugly-free-0:1.24.11-1.el10_0.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-04-07T00:00:00Z",
    "advisory" : "RHSA-2026:6750",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "gstreamer1-plugins-bad-free-0:1.16.1-6.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-04-07T00:00:00Z",
    "advisory" : "RHSA-2026:6750",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "gstreamer1-plugins-base-0:1.16.1-6.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-04-07T00:00:00Z",
    "advisory" : "RHSA-2026:6750",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "gstreamer1-plugins-good-0:1.16.1-6.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-03-31T00:00:00Z",
    "advisory" : "RHSA-2026:6300",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "gstreamer1-plugins-bad-free-0:1.22.12-5.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-03-31T00:00:00Z",
    "advisory" : "RHSA-2026:6300",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "gstreamer1-plugins-base-0:1.22.12-5.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-03-31T00:00:00Z",
    "advisory" : "RHSA-2026:6300",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "gstreamer1-plugins-good-0:1.22.12-5.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-03-31T00:00:00Z",
    "advisory" : "RHSA-2026:6300",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "gstreamer1-plugins-ugly-free-0:1.22.12-4.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-04-20T00:00:00Z",
    "advisory" : "RHSA-2026:8862",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "gstreamer1-plugins-bad-free-0:1.22.12-5.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-04-20T00:00:00Z",
    "advisory" : "RHSA-2026:8862",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "gstreamer1-plugins-base-0:1.22.12-5.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-04-20T00:00:00Z",
    "advisory" : "RHSA-2026:8862",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "gstreamer1-plugins-good-0:1.22.12-5.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-04-20T00:00:00Z",
    "advisory" : "RHSA-2026:8862",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "gstreamer1-plugins-ugly-free-0:1.22.12-4.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "gstreamer",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "gstreamer",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "gstreamer1",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "gstreamer1",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-2920\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2920\nhttps://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3\nhttps://www.zerodayinitiative.com/advisories/ZDI-26-164/" ],
  "name" : "CVE-2026-2920",
  "mitigation" : {
    "value" : "Apply the updated packages listed under the affected releases, which carry the upstream fix referenced in the references section. Until they are installed, avoid processing untrusted ASF (Advanced Systems Format) media files. This vulnerability in the GStreamer ASF Demuxer requires user interaction, such as opening a malicious ASF file, to trigger the heap-based buffer overflow; note, however, that the upstream advisory states attack vectors vary by implementation, so an application built on GStreamer may parse such a file with less deliberate interaction than an explicit open. Limiting exposure to untrusted media content reduces, but does not eliminate, the attack surface.",
    "lang" : "en:us"
  },
  "csaw" : false
}