Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-06-15T00:00:00 gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tile_list_obu parser byte/bit confusion 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CWE-617

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash.

This is a Moderate denial of service vulnerability in the GStreamer AV1 codec parser (gst-plugins-bad). The flaw allows a deterministic application crash when processing specially crafted AV1 media files due to a byte/bit unit confusion in gst_av1_parser_parse_tile_list_obu(). The impact is limited to availability since the assertion abort terminates the process immediately with no path to code execution or information disclosure. Red Hat products utilizing GStreamer for multimedia processing are affected if they handle untrusted AV1 media content. Red Hat would like to thank JUNYI LIU for reporting this issue. Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. Red Hat Enterprise Linux 10 Affected gstreamer1-plugins-bad-free Red Hat Enterprise Linux 6 Out of support scope gstreamer-plugins-bad-free Red Hat Enterprise Linux 7 Affected gstreamer1-plugins-bad-free Red Hat Enterprise Linux 7 Affected gstreamer-plugins-bad-free Red Hat Enterprise Linux 8 Affected gstreamer1-plugins-bad-free Red Hat Enterprise Linux 9 Affected gstreamer1-plugins-bad-free https://www.cve.org/CVERecord?id=CVE-2026-52718 https://nvd.nist.gov/vuln/detail/CVE-2026-52718 https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5103