CVE-2026-2920 in GStreamer情報

要約

〜によって MITRE • 2026年03月16日

GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the processing of stream headers within ASF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28843.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

公開

2026年03月16日

モデレーション

承諾済み

エントリ

VDB-349619

CPE

準備完了

CWE

CWE-122 (確認済み)

CVSS

7.8 (CNA)

EPSS

0.00078

KEV

いいえ

アクティビティ

非常低い

セクター

Telecommunication, Lawfirm, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-2920
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-2920
CVE Details	https://www.cvedetails.com/cve/CVE-2026-2920/

◂ 前概要次 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!