CVE-2026-1940 in GStreamerinfo

Zusammenfassung (Englisch)

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Zuständig

redhat

Reservieren

04.02.2026

Veröffentlichung

24.03.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
352608	GStreamer Incomplete Fix CVE-2024-47778 gst_wavparse_adtl_chunk Information Disclosure	125	Nicht definiert	Offizieller Fix	CVE-2026-1940

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

◂ ZurückÜbersichtWeiter ▸

Interested in the pricing of exploits?

See the underground prices here!