CVE Catalog

CVE-2026-53701

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

11th percentile — higher than 11% of all known CVEs

Summary

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser. In the multi-slice-in-tile processing of gst_h266_parser_parse_picture_partition(), the loop iterates without checking that the slice index stays within bounds, leading to writes past three fixed-size arrays.

Risk Assessment

This vulnerability may lead to unauthorized memory writes, posing a risk of application crashes or potential execution of malicious code. A crafted H.266/VVC media file can trigger this vulnerability.

Recommendation

It is recommended to update GStreamer to the latest version to mitigate this vulnerability. Additionally, monitor and validate media files before processing.

Original NVD description (English source)

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gst_h266_parser_parse_picture_partition() (gsth266parser.c), the loop iterates without checking that the slice index stays within bounds, writing past three fixed-size arrays (slice_height_in_ctus, slice_top_left_ctu_x, slice_top_left_ctu_y) in the GstH266PPS structure. While the initial proof-of-concept demonstrated a 4-byte out-of-bounds write, the code permits larger writes across multiple iterations. A crafted H.266/VVC media file can trigger this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS