Fluid Attacks Database

Description

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using re_skip_pascal_string() without validating that offsets remain within the mapped buffer. Additionally, the element count controlling the parsing loop is read from attacker-controlled data without validation, which can cause an infinite loop. A crafted RealMedia file can cause the application to crash, hang, or potentially read limited adjacent memory contents.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel10	gstreamer1-plugins-ugly-free	-	-
rpm rhel7	gstreamer1-plugins-ugly-free	-	-
rpm rhel8	gstreamer1-plugins-ugly-free	-	-
debian 13	gst-plugins-ugly1.0	=1.26.10-1 \|\| =1.26.3-4 \|\| =1.26.3-4+deb13u1 \|\| =1.26.4-1 \|\| =1.26.5-1 \|\| =1.26.5-2 \|\| =1.26.6-1 \|\| =1.26.7-1 \|\| =1.26.8-1 \|\| =1.26.9-1 \|\| =1.27.1-1 \|\| =1.27.2-1 \|\| =1.27.50-1 \|\| =1.27.50-2 \|\| =1.27.90-1 \|\| =1.28.0-1 \|\| =1.28.1-1 \|\| =1.28.2-1 \|\| =1.28.3-1 \|\| =1.28.4-1 \|\| =1.29.1-1	-
debian 14	gst-plugins-ugly1.0	=1.26.10-1 \|\| =1.26.3-4 \|\| =1.26.4-1 \|\| =1.26.5-1 \|\| =1.26.5-2 \|\| =1.26.6-1 \|\| =1.26.7-1 \|\| =1.26.8-1 \|\| =1.26.9-1 \|\| =1.27.1-1 \|\| =1.27.2-1 \|\| =1.27.50-1 \|\| =1.27.50-2 \|\| =1.27.90-1 \|\| =1.28.0-1 \|\| =1.28.1-1 \|\| =1.28.2-1 \|\| =1.28.3-1 \|\| >=0 <1.28.4-1	1.28.4-1
debian 12	gst-plugins-ugly1.0	=1.22.0-2 \|\| =1.22.0-2+deb12u1 \|\| =1.22.0-2+deb12u2 \|\| =1.22.1-1 \|\| =1.22.10-1 \|\| =1.22.3-1 \|\| =1.22.3-2 \|\| =1.22.4-1 \|\| =1.22.5-1 \|\| =1.22.6-1 \|\| =1.22.7-1 \|\| =1.22.8-1 \|\| =1.22.9-1 \|\| =1.23.1-1 \|\| =1.23.2-1 \|\| =1.23.90-1 \|\| =1.24.0-1 \|\| =1.24.1-1 \|\| =1.24.10-1 \|\| =1.24.11-1 \|\| =1.24.12-1 \|\| =1.24.2-1 \|\| =1.24.3-1 \|\| =1.24.4-1 \|\| =1.24.5-1 \|\| =1.24.6-1 \|\| =1.24.7-1 \|\| =1.24.8-1 \|\| =1.24.9-1 \|\| =1.25.1-1 \|\| =1.25.50-1 \|\| =1.25.50-2 \|\| =1.25.90-1 \|\| =1.25.90-2 \|\| =1.26.0-1 \|\| =1.26.1-1 \|\| =1.26.10-1 \|\| =1.26.2-1 \|\| =1.26.3-1 \|\| =1.26.3-2 \|\| =1.26.3-3 \|\| =1.26.3-4 \|\| =1.26.4-1 \|\| =1.26.5-1 \|\| =1.26.5-2 \|\| =1.26.6-1 \|\| =1.26.7-1 \|\| =1.26.8-1 \|\| =1.26.9-1 \|\| =1.27.1-1 \|\| =1.27.2-1 \|\| =1.27.50-1 \|\| =1.27.50-2 \|\| =1.27.90-1 \|\| =1.28.0-1 \|\| =1.28.1-1 \|\| =1.28.2-1 \|\| =1.28.3-1 \|\| =1.28.4-1 \|\| =1.29.1-1	-
debian 11	gst-plugins-ugly1.0	=1.18.4-2 \|\| =1.18.4-2+deb11u1 \|\| =1.18.4-2+deb11u2 \|\| =1.18.5-1 \|\| =1.19.90-1 \|\| =1.20.0-1 \|\| =1.20.1-1 \|\| =1.20.2-1 \|\| =1.20.3-1 \|\| =1.20.5-1 \|\| =1.22.0-1 \|\| =1.22.0-2 \|\| =1.22.1-1 \|\| =1.22.10-1 \|\| =1.22.3-1 \|\| =1.22.3-2 \|\| =1.22.4-1 \|\| =1.22.5-1 \|\| =1.22.6-1 \|\| =1.22.7-1 \|\| =1.22.8-1 \|\| =1.22.9-1 \|\| =1.23.1-1 \|\| =1.23.2-1 \|\| =1.23.90-1 \|\| =1.24.0-1 \|\| =1.24.1-1 \|\| =1.24.10-1 \|\| =1.24.11-1 \|\| =1.24.12-1 \|\| =1.24.2-1 \|\| =1.24.3-1 \|\| =1.24.4-1 \|\| =1.24.5-1 \|\| =1.24.6-1 \|\| =1.24.7-1 \|\| =1.24.8-1 \|\| =1.24.9-1 \|\| =1.25.1-1 \|\| =1.25.50-1 \|\| =1.25.50-2 \|\| =1.25.90-1 \|\| =1.25.90-2 \|\| =1.26.0-1 \|\| =1.26.1-1 \|\| =1.26.10-1 \|\| =1.26.2-1 \|\| =1.26.3-1 \|\| =1.26.3-2 \|\| =1.26.3-3 \|\| =1.26.3-4 \|\| =1.26.4-1 \|\| =1.26.5-1 \|\| =1.26.5-2 \|\| =1.26.6-1 \|\| =1.26.7-1 \|\| =1.26.8-1 \|\| =1.26.9-1 \|\| =1.27.1-1 \|\| =1.27.2-1 \|\| =1.27.50-1 \|\| =1.27.50-2 \|\| =1.27.90-1 \|\| =1.28.0-1 \|\| =1.28.1-1 \|\| =1.28.2-1 \|\| =1.28.3-1 \|\| =1.28.4-1 \|\| =1.29.1-1	-
rpm rhel9	gstreamer1-plugins-ugly-free	-	-

Aliases

1. CVE-2026-537042. NVD-2026-537043. OSV-2026-537044. OSV-DEBIAN-2026-537045. SECURITY-TRACKER-CVE-2026-53704

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.