CVE-2026-53705
HighCVSS 7.6Exploitation Probability (EPSS)
Low risk23th percentile - higher than 23% of all known CVEs
Summary
A flaw in GStreamer's WavPack audio decoder (gst-plugins-good) involves an integer overflow in buffer size calculation (4 * block_samples * channels), leading to a very small heap allocation. The WavPack library then writes decoded audio samples beyond the allocated buffer, causing heap memory corruption. This affects both 32-bit and 64-bit systems.
Risk Assessment
A remote attacker could exploit this vulnerability to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.
Recommendation
Immediately update GStreamer (gst-plugins-good) to a patched version that fixes the integer overflow. Until the update is applied, avoid opening untrusted WavPack audio files.
Original NVD description (English source)
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.

