CVE-2026-1940

EUVD-2026-14551
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in the gst_wavparse_adtl_chunk() function. The patch added a size validation check, lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than were validated, causing an out-of-bounds read.
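
The gap between the validated size and the advanced offset, shown as an added C example. It is a simplified model, not GStreamer's source and not part of the original advisory; the walk() function, its sub-chunk layout and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Round up to the next even number, as GST_ROUND_UP_2 does. */
#define ROUND_UP_2(n) (((n) + 1) & ~(uint64_t)1)

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical model of a sub-chunk walker: [4-byte tag][4-byte LE lsize][payload].
 * check_rounded == 0: validate lsize + 8 (the incomplete check).
 * check_rounded == 1: validate the same rounded step the cursor advances by.
 * Returns -1 if a sub-chunk is rejected, 0 if the walk stays in bounds, or the
 * number of bytes the cursor would land past the buffer. Never reads past size. */
static long walk(const uint8_t *data, size_t size, int check_rounded) {
    size_t off = 0;
    while (size - off >= 8) {
        uint64_t lsize = rd_le32(data + off + 4);
        uint64_t step = 8 + ROUND_UP_2(lsize);   /* bytes actually consumed */
        uint64_t checked = check_rounded ? step : lsize + 8;
        if (checked > size - off)
            return -1;                           /* sub-chunk rejected */
        if (step > size - off)
            return (long)(step - (size - off));  /* validated, yet overshoots */
        off += (size_t)step;
    }
    return 0;
}

/* Constructed samples: one sub-chunk each, with odd (5) and even (4) lsize. */
static const uint8_t odd_chunk[13]  = {'l','a','b','l', 5,0,0,0, 'h','e','l','l','o'};
static const uint8_t even_chunk[12] = {'l','a','b','l', 4,0,0,0, 't','e','s','t'};

int main(void) {
    printf("odd,  lsize+8 check: %ld\n", walk(odd_chunk, sizeof odd_chunk, 0));
    printf("odd,  rounded check: %ld\n", walk(odd_chunk, sizeof odd_chunk, 1));
    printf("even, lsize+8 check: %ld\n", walk(even_chunk, sizeof even_chunk, 0));
    printf("even, rounded check: %ld\n", walk(even_chunk, sizeof even_chunk, 1));
    return 0;
}
```

Validating the rounded step is one way to close the gap; the model does not claim to match the upstream patch.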

| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.1 MEDIUM | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |

EPSS Score percentile: 12%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| freedesktop | gst-plugins-good | 1.0.0 |
| gstreamer | gstreamer | 𝑥 < 1.28.1 |
| debian | debian_linux | 11.0 |
| debian | debian_linux | 12.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |

𝑥 = Vulnerable software versions

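Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| gst-plugins-good1.0 | bookworm | | no-dsa |
| gst-plugins-good1.0 | bookworm (security) | | vulnerable |
| gst-plugins-good1.0 | bullseye | | postponed |
| gst-plugins-good1.0 | bullseye (security) | | vulnerable |
| gst-plugins-good1.0 | forky | 1.28.4-1 | fixed |
| gst-plugins-good1.0 | sid | 1.28.4-1 | fixed |
| gst-plugins-good1.0 | trixie | | vulnerable |
| gst-plugins-good1.0 | trixie (security) | 1.26.2-1+deb13u2 | fixed |
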
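Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| gst-plugins-bad1.0 | bionic | needs-triage |
| gst-plugins-bad1.0 | focal | needs-triage |
| gst-plugins-bad1.0 | jammy | needs-triage |
| gst-plugins-bad1.0 | noble | needs-triage |
| gst-plugins-bad1.0 | questing | needs-triage |
| gst-plugins-bad1.0 | resolute | not-affected |
| gst-plugins-bad1.0 | trusty | needs-triage |
| gst-plugins-bad1.0 | xenial | ignored |
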
Amazon Linux Releases

| Amazon Package | Release | Version | Status |
|---|---|---|---|
| gstreamer-plugins-good | Amazon Linux 2 | 0:0.10.31-20.amzn2.0.3 | fixed |
| gstreamer-plugins-good-debuginfo | Amazon Linux 2 | 0:0.10.31-20.amzn2.0.3 | fixed |
| gstreamer-plugins-good-devel-docs | Amazon Linux 2 | 0:0.10.31-20.amzn2.0.3 | fixed |
| gstreamer1-plugins-good | Amazon Linux 2 | 0:1.18.4-6.amzn2.0.10 | fixed |
| gstreamer1-plugins-good | Amazon Linux 2023 | 0:1.24.10-1.amzn2023.0.5 | fixed |
| gstreamer1-plugins-good-debuginfo | Amazon Linux 2 | 0:1.18.4-6.amzn2.0.10 | fixed |
| gstreamer1-plugins-good-debuginfo | Amazon Linux 2023 | 0:1.24.10-1.amzn2023.0.5 | fixed |
| gstreamer1-plugins-good-debugsource | Amazon Linux 2023 | 0:1.24.10-1.amzn2023.0.5 | fixed |
| gstreamer1-plugins-good-gtk | Amazon Linux 2 | 0:1.18.4-6.amzn2.0.10 | fixed |
| gstreamer1-plugins-good-gtk | Amazon Linux 2023 | 0:1.24.10-1.amzn2023.0.5 | fixed |
| gstreamer1-plugins-good-gtk-debuginfo | Amazon Linux 2023 | 0:1.24.10-1.amzn2023.0.5 | fixed |