Security Advisory 2026-0030

| Summary | Missing bounds checks in RTCP SDES packet parsing |
| Date | 2026-06-12 |
| Affected Versions | GStreamer gst-plugins-base < 1.28.4 |
| IDs | GStreamer-SA-2026-0030 |
Details
Multiple out-of-bounds read vulnerabilities exist in the RTCP SDES (Source Description) packet parser in gst-plugins-base. The parser lacked proper bounds validation when iterating over SDES items and entries, so it could read beyond the end of the actual packet buffer. Additionally, the packet length calculation was incorrect: it underestimated the total packet size by 4 bytes, which further reduced the effectiveness of the bounds checks that did exist.
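To make the two defects concrete from the defender's side, the following is an added example of a bounds-checked RTCP SDES parser. It is not GStreamer code; the function and type names (`parse_rtcp_sdes`, `sdes_stats`) and the sample packets are assumptions constructed for this example. It computes the packet size from the RTCP header as RFC 3550 specifies (the 16-bit length field counts 32-bit words minus one, so bytes = (length + 1) * 4), checks that claimed size against the real buffer size, and checks every SSRC, item header, item body and alignment padding against the packet size before reading it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define RTCP_PT_SDES 202   /* RFC 3550 payload type for SDES */
#define SDES_END     0     /* item type that terminates a chunk's item list */

/* Counters filled in by the parser (example type, not from GStreamer). */
typedef struct {
    int chunks;
    int items;
} sdes_stats;

/* Parse one RTCP SDES packet held in buf[0..buf_len).
 * Returns 0 on success and -1 if the packet is malformed or if any field
 * would have to be read from beyond the packet or the buffer. */
int parse_rtcp_sdes(const uint8_t *buf, size_t buf_len, sdes_stats *out)
{
    if (out) { out->chunks = 0; out->items = 0; }
    if (buf == NULL || buf_len < 4)
        return -1;                              /* no room for the RTCP header */

    uint8_t version = buf[0] >> 6;
    uint8_t sc      = buf[0] & 0x1f;            /* number of SSRC/CSRC chunks */
    uint8_t pt      = buf[1];
    if (version != 2 || pt != RTCP_PT_SDES)
        return -1;

    /* Length field is in 32-bit words minus one: (len + 1) * 4 bytes total.
     * Dropping the "+ 1" would undercount by exactly one word (4 bytes). */
    size_t pkt_len = ((size_t)((buf[2] << 8) | buf[3]) + 1) * 4;
    if (pkt_len > buf_len)
        return -1;                              /* header claims more data than we hold */

    size_t off = 4;
    for (unsigned c = 0; c < sc; c++) {
        if (pkt_len - off < 4)
            return -1;                          /* SSRC/CSRC identifier */
        off += 4;

        for (;;) {                              /* SDES items until END */
            if (off >= pkt_len)
                return -1;                      /* no room for the item type byte */
            uint8_t type = buf[off];
            if (type == SDES_END) { off += 1; break; }
            if (pkt_len - off < 2)
                return -1;                      /* need type + length bytes */
            uint8_t len = buf[off + 1];
            if (pkt_len - (off + 2) < len)
                return -1;                      /* item body runs past the packet */
            off += 2 + (size_t)len;
            if (out) out->items++;
        }

        /* Each chunk is padded with zero bytes to a 32-bit boundary; the
         * padding itself must lie inside the packet. */
        size_t aligned = (off + 3) & ~(size_t)3;
        if (aligned > pkt_len)
            return -1;
        off = aligned;
        if (out) out->chunks++;
    }
    return 0;
}

/* Constructed sample: one chunk, SSRC 0x12345678, CNAME "a@b", END, padding.
 * 4-byte header + 12-byte chunk = 16 bytes = 4 words, so length field = 3. */
static const uint8_t sdes_ok[16] = {
    0x81, 0xCA, 0x00, 0x03,                     /* V=2, SC=1, PT=202, length=3 */
    0x12, 0x34, 0x56, 0x78,                     /* SSRC */
    0x01, 0x03, 'a', '@', 'b',                  /* CNAME item, length 3 */
    0x00, 0x00, 0x00                            /* END + padding to 32-bit boundary */
};

/* Constructed sample: same framing, but the CNAME item claims 64 data bytes
 * while only 6 remain in the packet. */
static const uint8_t sdes_bad_item[16] = {
    0x81, 0xCA, 0x00, 0x03,
    0x12, 0x34, 0x56, 0x78,
    0x01, 0x40, 'a', '@', 'b', 0x00, 0x00, 0x00
};

int main(void)
{
    sdes_stats s;
    printf("valid packet:      %d\n", parse_rtcp_sdes(sdes_ok, sizeof sdes_ok, &s));
    printf("  chunks=%d items=%d\n", s.chunks, s.items);
    printf("truncated buffer:  %d\n", parse_rtcp_sdes(sdes_ok, 12, &s));
    printf("oversized item:    %d\n", parse_rtcp_sdes(sdes_bad_item, sizeof sdes_bad_item, &s));
    return 0;
}
```

The second call passes the valid packet with a buffer length of 12 even though the header claims 16 bytes; rejecting it at the header-length check is what prevents every later read from trusting a size the buffer cannot back. The third call shows the per-item check: an item length is only ever compared against the bytes that remain in the packet, never used to advance blindly.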
Impact
A malicious third party could trigger out-of-bounds reads by providing a crafted RTCP packet with invalid SDES data, potentially resulting in a crash, denial of service, or information disclosure.
Solution
The gst-plugins-base 1.28.4 release addresses the issue. People using older versions of GStreamer should apply the patch and recompile.
References
- The GStreamer project
- CVE Database Entries
  - No CVE number assigned or pending
- GStreamer 1.28.4 release
- Patches