Out-of-Bounds Read Vulnerability in GStreamer’s pcapparse Element
CVE-2026-52721

5.3MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Vendor
CVE Published:
15 June 2026

What is CVE-2026-52721?

Multiple out-of-bounds read vulnerabilities exist in GStreamer’s pcapparse element, which processes malformed PCAP records. During IPv4/TCP header parsing, specially crafted PCAP files can lead to reads outside defined buffer boundaries, potentially causing application crashes or leaking sensitive information. This element is predominantly utilized in debugging pipelines, which limits practical exposure, yet poses risks if exploited by a local attacker.

References

https://access.redhat.com/security/cve/CVE-2026-52721
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2486732
issue-trackingx_refsource_REDHAT
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank JUNYI LIU for reporting this issue.
.