GStreamer Out-of-Bounds Read Vulnerability in WAV Parser

Vulnerability

An out-of-bounds read has been identified in the GStreamer WAV parser, specifically in the 'gst_wavparse_adtl_chunk()' function. The issue arises from an incomplete fix for a previous vulnerability (CVE-2024-47778): the applied patch introduced a size validation check but did not account for the 'GST_ROUND_UP_2(lsize)' used in the offset calculation. As a result, when 'lsize' is an odd number, the parser reads more bytes than it validated, leading to an out-of-bounds read. This vulnerability affects GStreamer versions prior to 1.28.1.
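As an added illustration, not GStreamer's own code, the following C model reproduces the bounds arithmetic described above: a check that validates only 8 + lsize (the incomplete fix) beside one that validates the padded length the parser actually advances by. The sub-chunk layout, the ROUND_UP_2 macro, the walk_adtl() function and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Model of the sub-chunk walk inside a RIFF "adtl" LIST chunk. This is not
 * GStreamer's code; it reproduces only the bounds arithmetic the advisory
 * describes. Each sub-chunk is a 4-byte id, a 4-byte little-endian size
 * (lsize) and lsize payload bytes padded to an even length. */

/* Same rounding GST_ROUND_UP_2() performs, widened to size_t so an lsize
 * near UINT32_MAX cannot wrap to 0 on 64-bit hosts. */
#define ROUND_UP_2(x) (((size_t)(x) + 1) & ~(size_t)1)

static uint32_t read_u32_le(const uint8_t *p) {
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
         ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walks sub-chunks in data[0..size). With pad_aware == 0 the check only
 * covers 8 + lsize (the incomplete CVE-2024-47778 fix); with pad_aware == 1
 * it covers 8 + ROUND_UP_2(lsize), the length the offset advance actually
 * consumes. Returns how many bytes the walk would have read past `size`
 * (0 means every access stayed in bounds). */
static size_t walk_adtl(const uint8_t *data, size_t size, int pad_aware) {
  size_t offset = 0;
  while (size - offset >= 8) {
    uint32_t lsize = read_u32_le(data + offset + 4);
    size_t need = 8 + (pad_aware ? ROUND_UP_2(lsize) : (size_t)lsize);
    if (need > size - offset)
      break;                                  /* does not fit: stop */
    size_t advance = 8 + ROUND_UP_2(lsize);   /* what the parser consumes */
    if (advance > size - offset)
      return advance - (size - offset);       /* odd lsize slipped through */
    offset += advance;
  }
  return 0;
}

/* Constructed sample: one "labl" sub-chunk with lsize = 3 (odd) and no pad
 * byte, so the buffer is 11 bytes but the padded advance is 12. */
static const uint8_t kOddChunk[] = {
  'l', 'a', 'b', 'l', 0x03, 0x00, 0x00, 0x00, 'c', 'u', 'e' };
/* Same chunk with its RIFF pad byte present (12 bytes). */
static const uint8_t kPaddedChunk[] = {
  'l', 'a', 'b', 'l', 0x03, 0x00, 0x00, 0x00, 'c', 'u', 'e', 0x00 };
```

With the unpadded check, walk_adtl(kOddChunk, 11, 0) reports 1 byte read past the end; the padded check rejects the same input before any overrun, and a properly padded chunk passes both.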

Impact

Exploitation of this vulnerability can cause application crashes when processing certain WAV files, due to the out-of-bounds read.

Remediation

Users can upgrade to GStreamer version 1.28.1 or later to address this vulnerability. Instructions for applying the patch and recompiling are available in the GStreamer 1.28.1 release notes.

Added: Mar 23, 2026, 10:48 PM
Updated: Mar 23, 2026, 10:48 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 4.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.