GStreamer
open source multimedia framework


Security Advisory 2026-0024

Summary: Out-of-bounds reads in MPEG PS PES header parsing
Date: 2026-05-11
Affected Versions: GStreamer gst-plugins-bad < 1.28.3
IDs: GStreamer-SA-2026-0024

Details

The MPEG PES (Packetized Elementary Stream) header parser in gst-plugins-bad contains multiple out-of-bounds read vulnerabilities. They affect both the mpegdemux element and the resindvd PES filter when parsing MPEG Program Stream (PS) files.

The issues occur when parsing malformed MPEG Program Stream files:

  1. Missing bounds checks before reading DTS/PTS timestamps in PES headers, allowing reads beyond buffer boundaries
  2. Insufficient validation when scanning for timestamps in program streams, including potential integer overflows in length calculations
  3. Missing bounds checks when parsing PES extension fields, including pack header fields and extension field lengths that could exceed available data
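The kind of check item 1 describes, as an added example that is not the GStreamer patch or code from gst-plugins-bad: a PES header parser that validates every length before reading PTS/DTS. The names `pes_info`, `read_ts` and `pes_parse_header` are hypothetical, the sample packet is constructed, and the layout assumed is the MPEG-2 PES header with a complete packet in the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TS_NONE UINT64_MAX
typedef struct { uint64_t pts, dts; size_t payload_off; } pes_info;
/* Constructed sample: video PES (stream_id 0xE0), PTS only = 90000, 2 payload bytes. */
static const uint8_t SAMPLE_PES[16] = {
    0x00, 0x00, 0x01, 0xE0, 0x00, 0x0A, 0x80, 0x80, 0x05,
    0x21, 0x00, 0x05, 0xBF, 0x21, 0xAA, 0xBB };

/* Decode one 5-byte, 33-bit timestamp; the caller has verified 5 bytes exist. */
static int read_ts(const uint8_t *p, uint64_t *out) {
    if (!(p[0] & 1) || !(p[2] & 1) || !(p[4] & 1)) return -1; /* marker bits */
    *out = ((uint64_t)((p[0] >> 1) & 0x07) << 30) | ((uint64_t)p[1] << 22) |
           ((uint64_t)(p[2] >> 1) << 15) | ((uint64_t)p[3] << 7) |
           (uint64_t)(p[4] >> 1);
    return 0;
}

/* Assumes buf starts at the 00 00 01 start code of a stream type that carries
 * the MPEG-2 optional PES header. Returns 0 on success, -1 on malformed input. */
int pes_parse_header(const uint8_t *buf, size_t len, pes_info *out) {
    out->pts = out->dts = TS_NONE; out->payload_off = 0;
    if (len < 9) return -1;                 /* fixed part: 3+1+2+2+1 bytes */
    if (buf[0] != 0 || buf[1] != 0 || buf[2] != 1) return -1;
    if ((buf[6] & 0xC0) != 0x80) return -1; /* MPEG-2 '10' marker */
    size_t limit = len;
    size_t pes_len = ((size_t)buf[4] << 8) | buf[5];
    if (pes_len != 0) {                     /* declared length must fit the buffer */
        if (pes_len < 3 || pes_len > len - 6) return -1;
        limit = 6 + pes_len;
    }
    size_t hdr_len = buf[8];                /* PES_header_data_length */
    if (hdr_len > limit - 9) return -1;     /* limit >= 9, so this cannot wrap */
    unsigned flags = buf[7] >> 6;           /* PTS_DTS_flags */
    size_t need = flags == 3 ? 10 : flags == 2 ? 5 : 0;
    if (flags == 1 || need > hdr_len) return -1; /* flags must be covered by hdr_len */
    if (need >= 5 && read_ts(buf + 9, &out->pts) != 0) return -1;
    if (need == 10 && read_ts(buf + 14, &out->dts) != 0) return -1;
    out->payload_off = 9 + hdr_len;
    return 0;
}

int main(void) {
    pes_info info;
    int rc = pes_parse_header(SAMPLE_PES, sizeof SAMPLE_PES, &info);
    printf("rc=%d pts=%llu payload_off=%zu\n", rc, (unsigned long long)info.pts, info.payload_off);
    return rc;
}
```

The length comparisons are written as `x > limit - k` after `limit >= k` has been established, so a large attacker-supplied length cannot wrap an addition and slip past the check.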

Impact

A malicious third party could trigger out-of-bounds reads in an application that processes a malicious MPEG Program Stream file, resulting in application crashes and denial of service. Information disclosure is also possible, as sensitive memory contents could be exposed.

Solution

The gst-plugins-bad 1.28.3 release addresses the issue. People using older versions of GStreamer should apply the patch and recompile.

References

The GStreamer project

CVE Database Entries

  • No CVE number assigned or pending

GStreamer 1.28.3 release

Patches

