Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-06-15T00:00:00 gstreamer1-plugins-bad-free: GStreamer: Multiple out-of-bounds reads in pcapparse IPv4/TCP header parsing 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H CWE-125

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could trick a user into processing a specially crafted PCAP file, potentially leading to a crash or information disclosure.

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could trick a user into processing a specially crafted PCAP file, potentially leading to a crash or information disclosure.

This is a Moderate out-of-bounds read vulnerability in the GStreamer pcapparse element (gst-plugins-bad). The flaw allows reads beyond buffer boundaries when processing malformed PCAP records due to missing bounds validation on IPv4/TCP header fields and untrusted IP packet length values. The impact is limited because the pcapparse element is primarily used in debugging pipelines, not in standard media playback workflows. The upstream maintainer confirmed this can only be triggered in specially crafted GStreamer pipelines built for debugging purposes, making real-world exploitation very unlikely. Red Hat products utilizing GStreamer for multimedia processing are affected only if they use the pcapparse element in custom debugging pipelines. Red Hat would like to thank JUNYI LIU for reporting this issue. Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. Red Hat Enterprise Linux 10 Fix deferred gstreamer1-plugins-bad-free Red Hat Enterprise Linux 6 Out of support scope gstreamer-plugins-bad-free Red Hat Enterprise Linux 7 Fix deferred gstreamer1-plugins-bad-free Red Hat Enterprise Linux 7 Fix deferred gstreamer-plugins-bad-free Red Hat Enterprise Linux 8 Fix deferred gstreamer1-plugins-bad-free Red Hat Enterprise Linux 9 Fix deferred gstreamer1-plugins-bad-free https://www.cve.org/CVERecord?id=CVE-2026-52721 https://nvd.nist.gov/vuln/detail/CVE-2026-52721 https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5106