CVE-2026-52718

Published: Giu 15, 2026 Last Modified: Giu 15, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0031
Percentile
0,2th
Updated

EPSS Score Trend (Last 2 Days)

617

Reachable Assertion

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Crash, Exit, Or Restart
Applicable Platforms
Languages: Not Language-Specific, C, Java, Rust
View CWE Details
https://access.redhat.com/security/cve/CVE-2026-52718
https://access.redhat.com/security/cve/CVE-2026-52718
https://bugzilla.redhat.com/show_bug.cgi?id=2486328
https://bugzilla.redhat.com/show_bug.cgi?id=2486328
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_i…
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5103