GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer

🗓️ 20 Apr 2026 02:58:59Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 4 Views

GStreamer RealMedia Demuxer remote code execution via out-of-bounds write during packet processing.

Reporter	Title	Published	Views	Family All 100
FreeBSD	gstreamer1 -- multiple vulnerabilities	25 Feb 202600:00	–	freebsd
ATTACKERKB	CVE-2026-2922	13 Mar 202620:38	–	attackerkb
Tenable Nessus	AlmaLinux 10 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (ALSA-2026:6259)	5 Apr 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (ALSA-2026:6300)	5 Apr 202600:00	–	nessus
Tenable Nessus	Debian dla-4516 : gstreamer1.0-plugins-ugly - security update	29 Mar 202600:00	–	nessus
Tenable Nessus	Debian dsa-6191 : gstreamer1.0-plugins-ugly - security update	2 Apr 202600:00	–	nessus
Tenable Nessus	Fedora 42 : mingw-gstreamer1 / mingw-gstreamer1-plugins-bad-free / etc (2026-3cc99e7d09)	5 Apr 202600:00	–	nessus
Tenable Nessus	Fedora 43 : mingw-gstreamer1 / mingw-gstreamer1-plugins-bad-free / etc (2026-e6d8e9fd49)	5 Apr 202600:00	–	nessus
Tenable Nessus	FreeBSD : gstreamer1 -- multiple vulnerabilities (791d4b29-19fb-11f1-87cc-e73692421fef)	7 Mar 202600:00	–	nessus
Tenable Nessus	MiracleLinux 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (AXSA:2026-421:01)	13 Apr 202600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	10.0	aarch64	gstreamer1-plugins-bad-free	0:1.24.11-3.el10_0	gstreamer1-plugins-bad-free-0:1.24.11-3.el10_0.aarch64.rpm
Red Hat Enterprise Linux	10.0	ppc64le	gstreamer1-plugins-bad-free	0:1.24.11-3.el10_0	gstreamer1-plugins-bad-free-0:1.24.11-3.el10_0.ppc64le.rpm
Red Hat Enterprise Linux	10.0	s390x	gstreamer1-plugins-bad-free	0:1.24.11-3.el10_0	gstreamer1-plugins-bad-free-0:1.24.11-3.el10_0.s390x.rpm
Red Hat Enterprise Linux	10.0	x86_64	gstreamer1-plugins-bad-free	0:1.24.11-3.el10_0	gstreamer1-plugins-bad-free-0:1.24.11-3.el10_0.x86_64.rpm
Red Hat Enterprise Linux	10.0	aarch64	gstreamer1-plugins-bad-free-debuginfo	0:1.24.11-3.el10_0	gstreamer1-plugins-bad-free-debuginfo-0:1.24.11-3.el10_0.aarch64.rpm
Red Hat Enterprise Linux	10.0	ppc64le	gstreamer1-plugins-bad-free-debuginfo	0:1.24.11-3.el10_0	gstreamer1-plugins-bad-free-debuginfo-0:1.24.11-3.el10_0.ppc64le.rpm
Red Hat Enterprise Linux	10.0	s390x	gstreamer1-plugins-bad-free-debuginfo	0:1.24.11-3.el10_0	gstreamer1-plugins-bad-free-debuginfo-0:1.24.11-3.el10_0.s390x.rpm
Red Hat Enterprise Linux	10.0	x86_64	gstreamer1-plugins-bad-free-debuginfo	0:1.24.11-3.el10_0	gstreamer1-plugins-bad-free-debuginfo-0:1.24.11-3.el10_0.x86_64.rpm
Red Hat Enterprise Linux	10.0	aarch64	gstreamer1-plugins-bad-free-debugsource	0:1.24.11-3.el10_0	gstreamer1-plugins-bad-free-debugsource-0:1.24.11-3.el10_0.aarch64.rpm
Red Hat Enterprise Linux	10.0	ppc64le	gstreamer1-plugins-bad-free-debugsource	0:1.24.11-3.el10_0	gstreamer1-plugins-bad-free-debugsource-0:1.24.11-3.el10_0.ppc64le.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2026-2922
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
gitlab	www.gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/88df8d2cd063b95a076e8041b47f778a4402f363
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-2922
cve	www.cve.org/CVERecord
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-26-165/

19 May 2026 21:27Current

7.9High risk

Vulners AI Score7.9

CVSS 37.8

EPSS0.00108

SSVC

gstreamer real media demuxer remote code execution out-of-bounds write video packet processing