CVE-2026-2921Integer Overflow or Wraparound in Gstreamer

CWE-190Integer Overflow or Wraparound11 documents10 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 89.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GstreamerDebian Gst-plugins-base1.0
Timeline
PublishedMar 16
Latest updateApr 13

Description

GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of palette data in AVI files. The issue results from the lack of proper validation of user-supplied data, which can result in an intege

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDgstreamer/gstreamer< 1.28.1
CVEListV5gstreamer/gstreamer1c6e163aa33962f5ee4a87d29319ccdd5cb67612
debiandebian/gst-plugins-base1.0< gst-plugins-base1.0 1.22.0-3+deb12u6 (bookworm)

🔴Vulnerability Details

4
VulDB
GStreamer RIFF Palette integer overflow (Nessus ID 302816 / WID-SEC-2026-0525)2026-04-13
GHSA
GHSA-g7gw-mp9w-623w: GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability2026-03-16
OSV
CVE-2026-2921: GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability2026-03-16
CVEList
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability2026-03-13

📋Vendor Advisories

3
Ubuntu
GStreamer Base Plugins vulnerability2026-03-30
Red Hat
GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling2026-03-13
Debian
CVE-2026-2921: gst-plugins-base1.0 - GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. Thi...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-2921 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

2
Bugzilla
CVE-2026-2921 mingw-gstreamer1: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling [fedora-all]2026-03-16
Bugzilla
CVE-2026-2921 GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling2026-03-13