CVE-2026-53702
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). This flaw occurs when parsing a buffering period SEI message, where an incorrect loop bound is used, potentially leading to writes beyond the allocated stack memory bounds.
Risk Assessment
This vulnerability can allow a crafted H.265 video file to cause application crashes or potential stack memory corruption, posing a risk to system stability.
Recommendation
It is recommended to update the GStreamer library to the latest version to mitigate this vulnerability and to monitor applications using this codec for potential attacks.
Original NVD description (English source)
A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpb_cnt_minus1[i] (the loop index) instead of the sub-layer 0 CPB count cpb_cnt_minus1[0] from the referenced Sequence Parameter Set. A crafted H.265 video file or stream can cause the parser to write beyond the bounds of stack-allocated CPB delay arrays, resulting in a crash or potential stack memory corruption.

