CVE-2026-52721 MEDIUM

CVE-2026-52721: Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp header parsing

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-125
Published June 15, 2026
Last update June 15, 2026

CVSS base score

5.3/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H

What the vulnerability does

01Description

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could trick a user into processing a specially crafted PCAP file, potentially leading to a crash or information disclosure.

Key dates

02Disclosure timeline

June 15, 2026 CVE published
June 15, 2026 Record updated