CVE-2026-3083Improper Validation of Array Index in Gstreamer

CWE-129Improper Validation of Array IndexCWE-787Out-of-bounds Write11 documents10 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 32.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GstreamerDebian Gst-plugins-good1.0
Timeline
PublishedMar 16
Latest updateApr 14

Description

GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of X-QDM RTP payload elements. When parsing the packetid element, the process does not properly validate user-supplied data, which

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDgstreamer/gstreamer< 1.28.1
CVEListV5gstreamer/gstreamer1c6e163aa33962f5ee4a87d29319ccdd5cb67612
debiandebian/gst-plugins-good1.0< gst-plugins-good1.0 1.28.1-1 (forky)

🔴Vulnerability Details

4
VulDB
GStreamer rtpqdm2depay out-of-bounds write (Nessus ID 304508 / WID-SEC-2026-0525)2026-04-14
GHSA
GHSA-xmwv-jrrx-mjgr: GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability2026-03-16
OSV
CVE-2026-3083: GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability2026-03-16
CVEList
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability2026-03-13

📋Vendor Advisories

3
Ubuntu
GStreamer Good Plugins vulnerabilities2026-03-30
Red Hat
GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay2026-03-13
Debian
CVE-2026-3083: gst-plugins-good1.0 - GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-3083 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

2
Bugzilla
CVE-2026-3083 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay [fedora-all]2026-03-16
Bugzilla
CVE-2026-3083 GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay2026-03-13