CVE Catalog

CVE-2026-53705

HighCVSS 7.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile - higher than 23% of all known CVEs

Summary

A flaw in GStreamer's WavPack audio decoder (gst-plugins-good) involves an integer overflow in buffer size calculation (4 * block_samples * channels), leading to a very small heap allocation. The WavPack library then writes decoded audio samples beyond the allocated buffer, causing heap memory corruption. This affects both 32-bit and 64-bit systems.

Risk Assessment

A remote attacker could exploit this vulnerability to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.

Recommendation

Immediately update GStreamer (gst-plugins-good) to a patched version that fixes the integer overflow. Until the update is applied, avoid opening untrusted WavPack audio files.

Original NVD description (English source)

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS