CVE-2026-53703

HIGH

CVSS v3.1: 7.1 · EPSS: 0.0019 (9.0 percentile)

NetworkNo privilegesOut-of-bounds Read

Source data as of:

At a glance

Severity
HIGH
CVSS
7.1 v3.1 · NVD
EPSS
0.0019 (9.0 percentile) · FIRST.org
CISA KEV
No
Type
Out-of-bounds Read · NVD CWE
Attack conditions (CVSS vector)
NetworkNo privileges · Source: NVD Vector
Published
2026-06-15 · Modified: 2026-07-08

CVSS / EPSS / KEV

CVSS v3.1 7.1 / 10 HIGH Source: NVD
EPSS 0.0019 9.0 percentile Source: FIRST.org
CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sample rate, channel count, and extra codec data length from fixed offsets within the chunk without first checking that the chunk contains enough data. If a malicious file provides an MDPR chunk that is too small to contain a complete audio stream header, the parser reads beyond the end of the buffer. This can cause the application to crash. In some cases, bytes read past the buffer boundary may be incorporated into stream metadata, which could result in limited information disclosure.

Record details

CVE ID
CVE-2026-53703
CVSS (v3.1)
7.1 (HIGH)
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Exploitability subscore
2.8
Impact subscore
4.2
EPSS
0.0019 (9.0 percentile) — 2026-07-09
CISA KEV
No
Weakness (CWE)
CWE-125
Affected configurations (CPE)
0
Published
2026-06-15
Modified
2026-07-08
Status
Awaiting Analysis

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.