GStreamer
open source multimedia framework

Security Advisory 2026-0032

Summary: Out-of-bounds read and write in XMP tag parser
Date: 2026-06-12
Affected Versions: GStreamer gst-plugins-base < 1.28.4
IDs: GStreamer-SA-2026-0032

Details

Out-of-bounds read and write vulnerabilities exist in the XMP tag parser in gst-plugins-base when it processes malformed XMP metadata. The parser incorrectly initialized the end-of-buffer pointer one byte past the actual buffer boundary and failed to maintain NUL-termination of a temporary array during attribute parsing, allowing reads and writes beyond the intended buffer limits.
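
The two defect classes described above, shown in their hardened form as an added illustration. This is not GStreamer's code or its patch; the function `parse_attrs`, the constant `TMP_CAP` and the sample input are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define TMP_CAP 16 /* capacity of the temporary value array (assumed) */

/* Parse name="value" pairs from buf[0..len); buf is NOT NUL-terminated.
 * The last value seen is left in tmp, which stays NUL-terminated throughout.
 * Returns the attribute count, or -1 on malformed or oversized input. */
int parse_attrs(const char *buf, size_t len, char tmp[TMP_CAP])
{
    const char *p = buf;
    const char *end = buf + len; /* exclusive end; buf + len + 1 is the off-by-one */
    int count = 0;

    tmp[0] = '\0';
    while (p < end) {
        if (*p == ' ') { p++; continue; }
        while (p < end && *p != '=')    /* skip the attribute name */
            p++;
        if (end - p < 2 || p[1] != '"') /* both '=' and '"' must be in bounds */
            return -1;
        p += 2;
        size_t n = 0;
        tmp[0] = '\0';
        while (p < end && *p != '"') {
            if (n + 1 >= TMP_CAP)       /* always keep a slot for the terminator */
                return -1;
            tmp[n++] = *p++;
            tmp[n] = '\0';              /* re-terminate after every write */
        }
        if (p == end)                   /* closing quote lies outside the buffer */
            return -1;
        p++;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: with len - 1 the closing quote sits at buf[len]. */
    static const char sample[] = "a=\"1\" b=\"xy\"";
    char v[TMP_CAP];
    printf("full: %d\n", parse_attrs(sample, strlen(sample), v));
    printf("cut:  %d\n", parse_attrs(sample, strlen(sample) - 1, v));
    return 0;
}
```

In the truncated call the closing quote is the byte immediately after the buffer, so a parser whose end pointer is one byte too far would accept the input, while this one rejects it.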

Impact

A malicious third party could trigger out-of-bounds reads by providing a media file with crafted XMP metadata, potentially resulting in a crash, denial of service, or information disclosure. An out-of-bounds write of up to 1 byte is also possible, with very low impact.

Solution

The gst-plugins-base 1.28.4 release addresses the issue. People using older versions of GStreamer should apply the patch and recompile.

References

The GStreamer project

CVE Database Entries

  • No CVE number assigned or pending

GStreamer 1.28.4 release

Patches

