CVE-2026-53703
Description
GStreamer RealMedia demuxer out-of-bounds read in audio stream header parsing allows crash and limited information disclosure via crafted .rm files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GStreamer RealMedia demuxer out-of-bounds read in audio stream header parsing allows crash and limited information disclosure via crafted .rm files.
Vulnerability
A vulnerability exists in the GStreamer RealMedia demuxer (gst-plugins-ugly) when processing MDPR (media properties) chunks in RealMedia (.rm) files. In the function gst_rmdemux_parse_mdpr(), when parsing audio stream header versions 4 and 5, the parser reads codec type, packet size, sample rate, channel count, and extra codec data length from fixed byte offsets (22–69 for v4, 22–74 for v5) without verifying that the MDPR chunk contains sufficient data [2]. If a malicious file provides an undersized MDPR chunk, the parser reads beyond the allocated buffer, causing an out-of-bounds read. Affected versions are those using the flawed gst-rmdemux component; no specific version range is provided in the available references but any GStreamer build incorporating the vulnerable code is impacted.
Exploitation
An attacker must deliver a crafted RealMedia file to a target application that uses GStreamer to demux .rm content. No authentication or special network position is required beyond the ability to supply the file (e.g., via a media player, web browser, or streaming service). The attacker constructs an MDPR chunk with a truncated audio stream header that triggers out-of-bounds reads during parsing. The out-of-bounds values may propagate into stream metadata (caps negotiation) and control downstream operations.
Impact
A successful attack causes the GStreamer application to crash (denial of service). Additionally, bytes read past the buffer boundary may be incorporated into stream metadata, potentially leading to limited information disclosure of adjacent heap memory [1][2]. The out-of-bounds data can influence buffer allocation and codec selection, but no remote code execution is described in the available sources.
Mitigation
No fix is currently available; the upstream recommendation is a rewrite of the RealMedia demuxer [2]. Users are advised to avoid processing untrusted RealMedia files until a patch is released. The vulnerability is not listed on CISA’s Known Exploited Vulnerabilities (KEV) catalog as of publication date.
AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2News mentions
0No linked articles in our index yet.