CVE-2026-53703
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly) where an out-of-bounds read occurs when processing .rm files. Lack of size validation for MDPR chunks before reading audio stream headers can cause application crashes or limited information disclosure.
Risk Assessment
An attacker can craft a malicious media file that, when opened by a user, may crash the application or leak memory contents, posing risks to stability and data confidentiality.
Recommendation
Update GStreamer and the gst-plugins-ugly package to a patched version. Until then, avoid opening .rm files from untrusted sources.
Original NVD description (English source)
A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sample rate, channel count, and extra codec data length from fixed offsets within the chunk without first checking that the chunk contains enough data. If a malicious file provides an MDPR chunk that is too small to contain a complete audio stream header, the parser reads beyond the end of the buffer. This can cause the application to crash. In some cases, bytes read past the buffer boundary may be incorporated into stream metadata, which could result in limited information disclosure.

