
Security Advisory 2026-0041 (CVE-2026-53702)

Summary: Out-of-bounds read in H.265 parser buffering period SEI message parsing
Date: 2026-06-12
Affected Versions: GStreamer gst-plugins-bad < 1.28.3
IDs: GStreamer-SA-2026-0041, CVE-2026-53702

Details

An out-of-bounds read vulnerability exists in the H.265 parser in gst-plugins-bad. When parsing buffering period SEI messages, the loop that reads the initial CPB removal delay and offset values computed its bound using the loop counter as an array index. As a result, the bound was read from an unpredictable index instead of the correct sub-layer 0 CPB count, so the loop could iterate far beyond the intended number of iterations and read beyond the boundaries of the associated arrays.
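
An added illustration of the bug class described above (not code from gst-plugins-bad or its patch): it models a loop bound indexed by the loop counter next to a bound taken from sub-layer 0 and checked against array capacity. All names, array sizes and sample values are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Names and sizes are assumptions for this sketch, not gst-plugins-bad's. */
#define MAX_SUB_LAYERS 7   /* entries in the per-sub-layer CPB count array */
#define MAX_CPB_CNT    32  /* capacity of the delay/offset arrays */

/* Constructed inputs: cpb_cnt_minus1[] as it might arrive from HRD parameters. */
static const uint8_t SAMPLE_OVER[MAX_SUB_LAYERS]   = {0, 5, 5, 5, 5, 5, 5};
static const uint8_t SAMPLE_UNDER[MAX_SUB_LAYERS]  = {3, 0, 0, 0, 0, 0, 0};
static const uint8_t SAMPLE_ESCAPE[MAX_SUB_LAYERS] = {9, 9, 9, 9, 9, 9, 9};
static const uint32_t SAMPLE_DELAYS[4] = {10, 20, 30, 40};

/* Models `for (i = 0; i <= cpb_cnt_minus1[i]; i++)`, with a guard standing in
 * for the real out-of-bounds read. Returns the iteration count, or -1 when the
 * bound would have been fetched from past the end of cpb_cnt_minus1[]. */
static int flawed_iterations(const uint8_t *cpb_cnt_minus1)
{
    for (size_t i = 0; ; i++) {
        if (i >= MAX_SUB_LAYERS) return -1;
        if (i > cpb_cnt_minus1[i]) return (int)i;
    }
}

/* Corrected bound: always sub-layer 0, validated against array capacity. */
static int fixed_iterations(const uint8_t *cpb_cnt_minus1)
{
    unsigned count = (unsigned)cpb_cnt_minus1[0] + 1;
    return count <= MAX_CPB_CNT ? (int)count : -1;
}

/* Stores delays using the corrected bound; -1 if the count is invalid or the
 * input holds fewer values than the count demands. */
static int store_delays(const uint8_t *cpb_cnt_minus1, const uint32_t *delays,
                        size_t n_delays, uint32_t out[MAX_CPB_CNT])
{
    int count = fixed_iterations(cpb_cnt_minus1);
    if (count < 0 || (size_t)count > n_delays) return -1;
    for (int i = 0; i < count; i++) out[i] = delays[i];
    return count;
}

int main(void)
{
    uint32_t out[MAX_CPB_CNT] = {0};
    printf("flawed: over=%d under=%d escape=%d\n", flawed_iterations(SAMPLE_OVER),
           flawed_iterations(SAMPLE_UNDER), flawed_iterations(SAMPLE_ESCAPE));
    printf("stored: %d\n", store_delays(SAMPLE_UNDER, SAMPLE_DELAYS, 4, out));
    return 0;
}
```

On the constructed inputs the flawed bound runs 6 iterations where 1 is correct, 1 where 4 is correct, and in the third case walks off the count array; the corrected bound yields 1, 4 and 10.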

Impact

A malicious third party could trigger out-of-bounds reads by providing a crafted H.265 media file with a buffering period SEI message, potentially resulting in a crash or denial of service.

Solution

The gst-plugins-bad 1.28.3 release addresses the issue. People using older versions of GStreamer should apply the patch and recompile.

References

The GStreamer project

CVE Database Entries

GStreamer 1.28.3 release

Patches

