Zero Day MonitorZDM

← Back to list

7.8

CVE-2026-3082PATCHED

gstreamer · gstreamer

GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Inter

Description

GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of Huffman tables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28840.

Affected Products

Vendor	Product	Versions
gstreamer	gstreamer	< 1.28.1

References

https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7d3c258ed928cf59d126c8ea926b185f046f444c(Vendor Advisory)
https://www.zerodayinitiative.com/advisories/ZDI-26-163/(Third Party Advisory)

Related News (1 articles)

Tier B

BSI Advisories8h ago

[UPDATE] [hoch] GStreamer: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available1.28.1

CWECWE-122

Published3/16/2026

Last enriched3d ago

Trending Score26

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-3086

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Inter

HIGHCVE-2026-3085

GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Inte

HIGHCVE-2026-3083

GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction

HIGHCVE-2026-3084

GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interac

HIGHCVE-2026-3081

GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreame

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 16, 2026

Patch Available

Mar 17, 2026

Discovered by ZDM

Mar 26, 2026