<Vulnerability name="CVE-2026-53704">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-06-12T00:00:00</PublicDate>
    <Bugzilla id="2487614" url="https://bugzilla.redhat.com/show_bug.cgi?id=2487614" xml:lang="en:us">
gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer FILEINFO metadata parser
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>7.1</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-125</CWE>
    <Details xml:lang="en:us" source="Mitre">
A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using re_skip_pascal_string() without validating that offsets remain within the mapped buffer. Additionally, the element count controlling the parsing loop is read from attacker-controlled data without validation, which can cause an infinite loop. A crafted RealMedia file can cause the application to crash, hang, or potentially read limited adjacent memory contents.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using re_skip_pascal_string() without validating that offsets remain within the mapped buffer. Additionally, the element count controlling the parsing loop is read from attacker-controlled data without validation, which can cause an infinite loop. A crafted RealMedia file can cause the application to crash, hang, or potentially read limited adjacent memory contents.
    </Details>
    <Statement xml:lang="en:us">
This flaw affects gstreamer1-plugins-ugly-free as shipped in Red Hat Enterprise Linux. RealMedia is a legacy container format with limited real-world usage. The upstream maintainer confirmed only out-of-bounds reads are present, which can lead to crashes and possible limited information disclosure. No code execution or memory corruption path has been identified. No upstream fix is available yet as the surrounding rmdemux code requires a broader rewrite.
    </Statement>
    <Acknowledgement xml:lang="en:us">
Red Hat would like to thank Tianshuo Han for reporting this issue.
    </Acknowledgement>
    <Mitigation xml:lang="en:us">
Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.
    </Mitigation>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:10">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <FixState>Affected</FixState>
        <PackageName>gstreamer1-plugins-ugly-free</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:7">
        <ProductName>Red Hat Enterprise Linux 7</ProductName>
        <FixState>Affected</FixState>
        <PackageName>gstreamer1-plugins-ugly-free</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Affected</FixState>
        <PackageName>gstreamer1-plugins-ugly-free</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Affected</FixState>
        <PackageName>gstreamer1-plugins-ugly-free</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-53704
https://nvd.nist.gov/vuln/detail/CVE-2026-53704
    </References>
</Vulnerability>