CVE-2026-1940 — Out-of-bounds Read in Gst-plugins-good1.0

CWE-125 — Out-of-bounds Read7 documents7 sources

Severity

5.1MEDIUMNVD

EPSS

0.0%

top 95.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Gst-plugins-good1.0

Timeline

PublishedMar 23

Latest updateApr 13

Description

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 2.5 | Impact: 2.5

Affected Packages1 packages

▶debiandebian/gst-plugins-good1.0< gst-plugins-good1.0 1.28.1-1 (forky)

🔴Vulnerability Details

VulDB

GStreamer Incomplete Fix CVE-2024-47778 gst_wavparse_adtl_chunk out-of-bounds (ID 4854 / WID-SEC-2026-0525)↗2026-04-13

▶

GHSA

GHSA-9wvw-r6fm-6wwv: An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function↗2026-03-24

▶

OSV

CVE-2026-1940: An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function↗2026-03-23

▶

📋Vendor Advisories

Red Hat

gstreamer: incomplete fix of CVE-2026-1940↗2026-02-25

▶

Debian

CVE-2026-1940: gst-plugins-good1.0 - An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavpars...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-1940 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶