GStreamer
open source multimedia framework
Home
Features
News
Annual Conference
Planet (Blogs)
Download
Applications
Security Center
GitLab
Developers
Documentation
Forum
File a Bug
Artwork
Follow us on Bluesky
Follow us on Mastodon
Chat with us on Matrix

Security Advisory 2026-0062 (CVE-2026-59692)

Summary Stack buffer overflow in DTLS certificate verification
Date 2026-07-08
Affected Versions GStreamer gst-plugins-bad < 1.28.5
IDs GStreamer-SA-2026-0062
CVE-2026-59692

Details

A stack buffer overflow vulnerability in the DTLS connection implementation in gst-plugins-bad. The DTLS connection element used a fixed-size stack buffer to store the formatted Subject Distinguished Name (DN) of a peer certificate during DTLS handshake verification. The buffer size was not validated against the actual formatted length of the certificate Subject. A remote DTLS peer can send a certificate with a Subject DN that formats to more than the fixed buffer size, causing a stack-based out-of-bounds write.

Impact

An unauthenticated remote DTLS-SRTP or WebRTC peer can trigger a stack buffer overflow during the DTLS handshake by sending a certificate with an oversized Subject DN. This can result in process crash, data corruption, or potentially arbitrary code execution.

Solution

The gst-plugins-bad 1.28.5 release addresses the issue. People using older versions of GStreamer should apply the patch and recompile.

References

The GStreamer project

CVE Database Entries

GStreamer 1.28.5 release

Patches


Report a problem on this page.