CVE-2026-53704 Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo metadata parser
A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...