CVE-2026-5056: Critical Stack-Based Buffer Overflow in GStreamer qtdemux Allows Remote Code Execution
A critical stack-based buffer overflow in GStreamer's qtdemux parser, tracked as CVE-2026-5056, lets an attacker execute arbitrary code in the context of any application that opens a specially crafted media file.

A critical stack-based buffer overflow vulnerability has been disclosed in GStreamer, the widely used open-source multimedia framework. Tracked as CVE-2026-5056 and reported by researcher DongHyeon Hwang (kind_killerwhale) through the Zero Day Initiative (ZDI-26-283), the flaw resides in qtdemux, the parser (demuxer) component responsible for QuickTime and ISO Base Media (MP4) files.
The vulnerability exists in the parsing of UncompressedFrameConfigBox structures, the 'uncC' box defined by ISO/IEC 23001-17 for carrying uncompressed video in ISO BMFF files. The parser copies user-supplied data into a fixed-length stack buffer without first validating the length declared in the file, so an oversized length overruns the buffer. An attacker who can get a victim to process a crafted file can use this to execute code with the privileges of the process that loaded the qtdemux plugin. The CVSS score is 7.8 (high). The vector is rated local with user interaction required: CVSS scores file-based attacks as local because the victim must open or process the file, even though the file itself is typically delivered from a remote source, which is why ZDI describes the issue as remote code execution.
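The following C example, added here and not taken from GStreamer's qtdemux source, shows the bug class the advisory describes: a parser that trusts a length field from the file when filling a fixed-length buffer, beside a hardened version that bounds the length against both the buffer and the bytes actually present. The box layout (size, 'uncC' type, a 32-bit entry count, then 16-bit entries), the `frame_config` struct, the function names and the sample boxes are all constructed for illustration and are not the real ISO/IEC 23001-17 wire format.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical box layout (constructed for this example): 4-byte big-endian
 * box size, 4-byte type 'uncC', 4-byte big-endian component_count, then
 * component_count 2-byte entries. */

#define MAX_COMPONENTS 16

typedef struct {
    uint32_t component_count;
    uint16_t components[MAX_COMPONENTS];   /* fixed-length buffer */
} frame_config;

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* VULNERABLE PATTERN: trusts component_count from the file. A count above
 * MAX_COMPONENTS writes past cfg->components (stack memory when the caller
 * declares cfg as a local) and reads past the end of the box. This mirrors
 * the bug class in the advisory, not GStreamer's actual code. Never call it
 * on untrusted input. */
int parse_uncc_unchecked(const uint8_t *box, size_t len, frame_config *cfg)
{
    if (len < 12) return -1;
    cfg->component_count = rd32(box + 8);
    for (uint32_t i = 0; i < cfg->component_count; i++)
        cfg->components[i] = rd16(box + 12 + 2 * (size_t)i);
    return 0;
}

/* HARDENED: validate the header, then bound the declared count against the
 * fixed buffer and against the payload bytes the box really carries. */
int parse_uncc_checked(const uint8_t *box, size_t len, frame_config *cfg)
{
    if (len < 12) return -1;
    uint32_t box_size = rd32(box);
    if (box_size < 12 || box_size > len) return -1;      /* box must fit the input */
    if (memcmp(box + 4, "uncC", 4) != 0) return -1;      /* wrong box type */
    uint32_t count = rd32(box + 8);
    if (count > MAX_COMPONENTS) return -1;               /* would overflow components[] */
    if ((size_t)count * 2 > box_size - 12) return -1;    /* would read past the payload */
    cfg->component_count = count;
    for (uint32_t i = 0; i < count; i++)
        cfg->components[i] = rd16(box + 12 + 2 * (size_t)i);
    return 0;
}

/* Constructed sample boxes. */
static const uint8_t GOOD_BOX[] = { 0,0,0,18, 'u','n','c','C', 0,0,0,3, 0,1, 0,2, 0,3 };
/* Declares 1024 entries but carries none: 2048 bytes written into a 32-byte array. */
static const uint8_t HUGE_COUNT_BOX[] = { 0,0,0,12, 'u','n','c','C', 0,0,4,0 };
/* Declares 8 entries (within the buffer) but only 2 are present in the box. */
static const uint8_t SHORT_PAYLOAD_BOX[] = { 0,0,0,16, 'u','n','c','C', 0,0,0,8, 0,1, 0,2 };

int main(void)
{
    frame_config cfg;   /* stack-resident, like the buffer in the advisory */
    printf("good box:          %d\n", parse_uncc_checked(GOOD_BOX, sizeof GOOD_BOX, &cfg));
    printf("huge count box:    %d\n", parse_uncc_checked(HUGE_COUNT_BOX, sizeof HUGE_COUNT_BOX, &cfg));
    printf("short payload box: %d\n", parse_uncc_checked(SHORT_PAYLOAD_BOX, sizeof SHORT_PAYLOAD_BOX, &cfg));
    /* parse_uncc_unchecked(HUGE_COUNT_BOX, ...) would smash the stack here. */
    return 0;
}
```

The two checks in the hardened parser are deliberately separate: the first protects the fixed-size destination (the write side of the overflow), the second protects the source (reads beyond the box, which in a demuxer usually means beyond the mapped file buffer). Fixing only one of them leaves the other defect in place.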
GStreamer is a core component of most Linux desktop distributions and is used by many media applications, including video players, streaming services, and higher-level multimedia frameworks. The qtdemux element is selected automatically whenever a pipeline processes a QuickTime or MP4 file (.mov, .mp4), so any application that hands such a file to GStreamer is a potential entry point. Note that "opening" a file need not mean a deliberate click: desktop thumbnailers and media indexers built on GStreamer parse files as soon as they appear in a directory. In every case the attacker must get the crafted file in front of a GStreamer-based process, so user interaction is required.
GStreamer has issued a security update to address this vulnerability; the details, including the fixed releases, are in GStreamer security advisory sa-2026-0016. Users and system administrators are strongly advised to update to a patched version of the gst-plugins-good package (which ships qtdemux) as soon as their distribution provides it.
According to the disclosure timeline, the vulnerability was reported to the vendor on March 12, 2026, and the advisory was published in coordination with ZDI on April 15, 2026, a standard coordinated-disclosure process. No active exploitation has been reported so far, but given how widely GStreamer is deployed, the risk of exploitation is significant.
This vulnerability highlights the ongoing challenge of securing complex multimedia parsing libraries, which must handle hundreds of box and atom types from untrusted files. Stack-based buffer overflows caused by copying attacker-controlled lengths into fixed buffers are a classic bug class that still routinely leads to code execution. Users should be cautious with media files from untrusted sources, and administrators should keep GStreamer and its plugin packages up to date; developers embedding GStreamer should consider running demuxing in a sandboxed or low-privilege process so that a parser bug does not compromise the whole application.