CVE-2026-3085
published 2026-03-16
CVE-2026-3085: GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on…
Priority P261 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.83% (52.9th percentile)
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28851.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gst-plugins-good1.0 | < gst-plugins-good1.0 1.28.1-1 (forky) | gst-plugins-good1.0 1.28.1-1 (forky) |
| gstreamer | gstreamer | < 1.28.1 | 1.28.1 |
| gstreamer | gstreamer | — | — |
Detection & IOCs (extracted from sources)
- Detection target: the GStreamer rtpqdm2depay plugin component. The heap-based buffer overflow is triggered during processing of X-QDM RTP payloads, where the length of user-supplied data is not sufficiently validated before it is copied to a heap buffer.
- Monitor network traffic and application logs for GStreamer processing X-QDM RTP (Real-time Transport Protocol) payloads from untrusted or external sources, as this is the specific attack vector.
- Alert on applications loading or invoking the GStreamer rtpqdm2depay plugin (gst-plugins-good) when receiving RTP streams from untrusted network sources, as exploitation requires interaction with this library.
- Exploitation requires an application to actively process X-QDM RTP payloads via GStreamer; the attack surface varies by implementation and deployment context.
- Mitigation (short of patching) is to avoid processing X-QDM RTP payloads from untrusted sources and to restrict network access to GStreamer-based RTP stream processing applications.
- Debian scope is listed as 'local' in the security tracker, which may affect network-based detection assumptions depending on the deployment environment.
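CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |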
VulDB
GStreamer rtpqdm2depay heap-based overflow (Nessus ID 304508 / WID-SEC-2026-0525)
vuldb·2026-04-14·CVSS 8.8
CVE-2026-3085 [HIGH] GStreamer rtpqdm2depay heap-based overflow (Nessus ID 304508 / WID-SEC-2026-0525)
A vulnerability was found in GStreamer and classified as critical. This affects an unknown part of the component rtpqdm2depay. The manipulation results in heap-based buffer overflow.
This vulnerability is identified as CVE-2026-3085. The attack can be executed remotely. There is not any exploit available.
A patch should be applied to remediate this issue.
GHSA
GHSA-8wvg-qc85-jr5c: GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability
ghsa_unreviewed·2026-03-16
CVE-2026-3085 [HIGH] CWE-122 GHSA-8wvg-qc85-jr5c: GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28851.
OSV
CVE-2026-3085: GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability
osv·2026-03-16·CVSS 8.8
CVE-2026-3085 [HIGH] CVE-2026-3085: GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28851.
Ubuntu
GStreamer Good Plugins vulnerabilities
vendor_ubuntu·2026-03-30
CVE-2026-3085 GStreamer Good Plugins vulnerabilities
Title: GStreamer Good Plugins vulnerabilities
Summary: Several security issues were fixed in GStreamer Good Plugins.
It was discovered that GStreamer Good Plugins incorrectly handled certain
X-QDM RTP payloads. A remote attacker could use this issue to cause
GStreamer Good Plugins to crash, resulting in a denial of service, or
possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
vendor_redhat·2026-03-13·CVSS 8.8
CVE-2026-3085 [HIGH] CWE-1284 GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28851.
A flaw was found in GStreamer. This heap-based buffer ove
Debian
CVE-2026-3085: gst-plugins-good1.0 - GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerab...
vendor_debian·2026·CVSS 8.8
CVE-2026-3085 [HIGH] CVE-2026-3085: gst-plugins-good1.0 - GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerab...
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28851.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1.28.1-1)
sid: resolved (fixed in 1.28.1-1)
trixie: open
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-3085 mingw-gstreamer1: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay [fedora-all]
bugzilla·2026-03-16·CVSS 8.8
CVE-2026-3085 [HIGH] CVE-2026-3085 mingw-gstreamer1: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-2026-3cc99e7d09 (mingw-gstreamer1-1.26.11-1.fc42, mingw-gstreamer1-plugins-bad-free-1.26.11-1.fc42, and 2 more) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-3cc99e7d09
---
FEDORA-2026-e6d8e9fd49 (mingw-gstreamer1-1.26.11-1.fc43, mingw-gstreamer1-plugins-bad-free-1.26.11-1.fc43, and 2 more) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updat
Bugzilla
CVE-2026-3085 GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
bugzilla·2026-03-13·CVSS 8.8
CVE-2026-3085 [HIGH] CVE-2026-3085 GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28851.
Discussion:
This issue has been addressed
Wiz
CVE-2026-3085 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-3085 [HIGH] CVE-2026-3085 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3085: NixOS vulnerability analysis and mitigation
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28851.
Source: NVD
Score: 8.8
Published: March 16, 2026
Severity: HIGH
CNA Score: 8
- https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/d60a94dee3c0a0942c9981491bf83e0de1900fbf
- https://www.zerodayinitiative.com/advisories/ZDI-26-167/
- https://access.redhat.com/errata/RHSA-2026:19024
- https://access.redhat.com/errata/RHSA-2026:19180
- https://access.redhat.com/errata/RHSA-2026:6259
- https://access.redhat.com/errata/RHSA-2026:6300
- https://access.redhat.com/errata/RHSA-2026:6750
- https://access.redhat.com/errata/RHSA-2026:7673
- https://access.redhat.com/errata/RHSA-2026:7850
- https://access.redhat.com/errata/RHSA-2026:8854
- https://access.redhat.com/errata/RHSA-2026:8857
- https://access.redhat.com/errata/RHSA-2026:8862
- https://access.redhat.com/errata/RHSA-2026:8874
- https://access.redhat.com/errata/RHSA-2026:8876
- https://access.redhat.com/errata/RHSA-2026:9446
- https://access.redhat.com/errata/RHSA-2026:9447
- https://access.redhat.com/errata/RHSA-2026:9487
- https://access.redhat.com/errata/RHSA-2026:9488
- https://access.redhat.com/security/cve/CVE-2026-3085
- https://bugzilla.redhat.com/show_bug.cgi?id=2447495
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3085.json
Published: 2026-03-16