CyberSec.Space Logo
返回 CVE 浏览器

CVE-2026-53701

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0480%
EPSS Percentile27.80th
Published2026年6月11日
Last Modified2026年6月11日

Vulnerability Description

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gst_h266_parser_parse_picture_partition() (gsth266parser.c), the loop iterates without checking that the slice index stays within bounds, writing past three fixed-size arrays (slice_height_in_ctus, slice_top_left_ctu_x, slice_top_left_ctu_y) in the GstH266PPS structure. While the initial proof-of-concept demonstrated a 4-byte out-of-bounds write, the code permits larger writes across multiple iterations. A crafted H.266/VVC media file can trigger this vulnerability.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://access.redhat.com/security/cve/CVE-2026-53701
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=2487611

相关漏洞威胁

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...

CVE-2026-121886.3

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules...