CVE-2026-52718

6.5 MEDIUM

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad

Published: 2026-06-15 · Last updated: 2026-06-15

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE: CWE-617

Description

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-29116 — A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, ...
CVE-2026-29115 — A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, tr...
CVE-2026-46543 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (5.3 MEDIUM)
CVE-2026-46542 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (4.3 MEDIUM)
CVE-2026-9750 — An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal ... (6.5 MEDIUM)