Oracle Linux: CVE-2026-2920: ELSA-2026-6259: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update (IMPORTANT)

Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: Mar 13, 2026
Added: Apr 2, 2026
Modified: Apr 2, 2026

Description

A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the ASF Demuxer component allows a remote attacker to execute arbitrary code. The issue arises from insufficient validation of user-supplied data length when processing stream headers within ASF (Advanced Systems Format) files, leading to data being copied to a fixed-length heap-based buffer without proper bounds checking. Successful exploitation can result in arbitrary code execution in the context of the current process.

Solutions

oracle-linux-upgrade-gstreamer1-plugins-bad-free
oracle-linux-upgrade-gstreamer1-plugins-bad-free-devel
oracle-linux-upgrade-gstreamer1-plugins-bad-free-libs
oracle-linux-upgrade-gstreamer1-plugins-base
oracle-linux-upgrade-gstreamer1-plugins-base-devel
oracle-linux-upgrade-gstreamer1-plugins-base-tools
oracle-linux-upgrade-gstreamer1-plugins-good
oracle-linux-upgrade-gstreamer1-plugins-good-gtk
oracle-linux-upgrade-gstreamer1-plugins-ugly-free