VYPR
← All advisories
Medium severity5.3NVD Advisory· Published Jun 15, 2026· Updated Jun 15, 2026

CVE-2026-52721

CVE-2026-52721

Description

Multiple out-of-bounds reads in GStreamer's pcapparse element allow crash or info disclosure via crafted PCAP files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple out-of-bounds reads in GStreamer's pcapparse element allow crash or info disclosure via crafted PCAP files.

Vulnerability

Multiple out-of-bounds read vulnerabilities exist in GStreamer's pcapparse element within the gst-plugins-bad package. In gstpcapparse.c, three issues are present: (1) At lines 465–466, src_port/dst_port are read from buf_proto without verifying sufficient data after the IP header for TCP/UDP header fields. (2) At line 485, payload_size = ip_packet_len - ip_header_size - len trusts the ip_packet_len field from the IP header; a spoofed value larger than the actual buffer yields a payload_size exceeding available data. (3) When payload_size is computed from an untrusted IP length field, downstream processing can read out-of-bounds into the next PCAP record. The issue affects versions prior to the planned GStreamer 1.28.4 fix [1][2].

Exploitation

The attacker requires the ability to craft a malicious PCAP file and deliver it to a target user who processes it with a GStreamer pipeline that uses the pcapparse element. This element is primarily used in debugging pipelines, limiting exposure. The user interaction is required (e.g., opening a file). The attacker does not need authentication or special network position; local access suffices. The exploitation involves providing a PCAP record with manipulated IPv4 header length or TCP/UDP header fields to trigger the out-of-bounds reads [2][3].

Impact

Successful exploitation can lead to a crash (denial of service) or information disclosure via out-of-bounds memory reads. The compromise is limited to the process’s address space, potentially leaking sensitive data. No code execution is described; the impact is primarily confidentiality and availability [1][2].

Mitigation

A fix is planned for GStreamer 1.28.4, as confirmed by maintainer Sebastian Dröge (2026-06-02) [2]. Until the patched version is released, users should avoid processing untrusted PCAP files with pipelines involving pcapparse. No workaround is available in the element itself. The issue is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog. Red Hat has assigned a medium severity [1].

References
  1. cve-details
  2. Multiple out-of-bounds reads in pcapparse IPv4/TCP header parsing
  3. gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5106

AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.