Home

Description

A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sample rate, channel count, and extra codec data length from fixed offsets within the chunk without first checking that the chunk contains enough data. If a malicious file provides an MDPR chunk that is too small to contain a complete audio stream header, the parser reads beyond the end of the buffer. This can cause the application to crash. In some cases, bytes read past the buffer boundary may be incorporated into stream metadata, which could result in limited information disclosure.

PUBLISHED Reserved 2026-06-10 | Published 2026-06-15 | Updated 2026-06-15 | Assigner redhat




HIGH: 7.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Problem types

Out-of-bounds Read

Product status

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Timeline

2026-04-16:Reported to Red Hat.
2026-06-12:Made public.

Credits

Red Hat would like to thank Tianshuo Han for reporting this issue.

References

access.redhat.com/security/cve/CVE-2026-53703 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2487613 (RHBZ#2487613) issue-tracking

cve.org (CVE-2026-53703)

nvd.nist.gov (CVE-2026-53703)

Download JSON