HIGH | CVE-2026-53705 | CNA: redhat

CVE-2026-53705: Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer overflow

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.
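The arithmetic described above, as an added example that is not GStreamer's code: the helper names, the 64 MiB ceiling and the input values are constructed for illustration. It shows the 32-bit product wrapping to a tiny size and a widened, bounded calculation rejecting the same input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: the size expression from the advisory, evaluated in
 * 32-bit arithmetic and only then widened to size_t. Unsigned types are used
 * so the wraparound is well defined in C. */
static size_t size_wrapping(uint32_t block_samples, uint32_t channels)
{
    uint32_t bytes = 4u * block_samples * channels;  /* wraps modulo 2^32 */
    return (size_t)bytes;                            /* widening comes too late */
}

/* Hypothetical hardened helper: compute in 64 bits, check the multiply, and
 * refuse anything above an application-chosen ceiling (an assumption here). */
static int size_checked(uint32_t block_samples, uint32_t channels,
                        size_t max_bytes, size_t *out)
{
    uint64_t bytes;

    if (block_samples == 0 || channels == 0)
        return -1;
    bytes = 4ull * block_samples;          /* at most about 2^34, cannot wrap */
    if (bytes > UINT64_MAX / channels)     /* would the next multiply wrap?   */
        return -1;
    bytes *= channels;
    if (bytes > (uint64_t)max_bytes)       /* also guarantees it fits size_t  */
        return -1;
    *out = (size_t)bytes;
    return 0;
}

int main(void)
{
    /* Constructed values: the true product is 2^32 + 8 bytes. */
    uint32_t block_samples = 0x20000001u, channels = 2u;
    size_t n = 0;

    printf("32-bit result: %zu bytes\n", size_wrapping(block_samples, channels));
    if (size_checked(block_samples, channels, (size_t)64 << 20, &n) != 0)
        printf("checked result: rejected before allocation\n");
    if (size_checked(4096u, 2u, (size_t)64 << 20, &n) == 0)
        printf("checked result for 4096 x 2: %zu bytes\n", n);
    return 0;
}
```

The same bound check belongs wherever a size derived from file-supplied fields reaches an allocator, not only in this decoder.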

Metrics

  • CVSS v3.1: 7.6
  • Severity: HIGH
  • Fixed in:
  • Affected Products: 4


HarborGuard Analysis

Synopsis

A heap buffer overflow affects GStreamer's WavPack audio decoder in gst-plugins-good. The flaw is reachable over the network but requires a user to open a malicious WavPack file; no authentication is needed. Successful exploitation crashes the affected application or gives the attacker arbitrary code execution on the host. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment an upstream fix is published.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds (including Red Hat security advisories) within minutes of publication and matched against customer images in connected registries and CI pipelines, including custom-built images that bundle gst-plugins-good.

Status: Available

Triage

Triage is available with a CVSS 3.1 score of 7.6 (HIGH), surfaced alongside any per-environment compliance policy weighting configured by the customer organization; findings are routed to the appropriate team inbox based on each customer's ownership mapping.

Status: Available

Patch

Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Red Hat or the upstream project ships a corrected package. For customers with auto-remediation enabled, a rebuild, regression-test run, and PR against affected workloads will be triggered without manual intervention as soon as the fix lands.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker delivers the malicious WavPack file over the network, so the affected service or user endpoint must be reachable from an external origin.

  • Authentication: Not required

    No account or credential is needed; any unauthenticated party can supply the crafted file.

  • Victim interaction: Required

    A user must be convinced to open the malicious WavPack audio file, making this a social-engineering-dependent attack.

  • Attack complexity (detail)

    Triggering the flaw is reliable and has few preconditions; the integer overflow is deterministic and does not depend on race conditions or specific memory layout.

Blast Radius

  • A successful exploit crashes the application processing the WavPack file, taking down any dependent service or pipeline stage with it.
  • Heap memory corruption beyond the allocation boundary gives the attacker a write primitive that can overwrite adjacent heap metadata or data structures.
  • On a successful code-execution path, the attacker gains the full privileges of the process running the GStreamer decoder, which may include access to session data, credentials, or other in-memory secrets.
  • Both 32-bit and 64-bit container images are affected because the overflow occurs in 32-bit arithmetic before the result is promoted to the allocation size type.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of this advisory is active, with re-ingestion on every feed cycle so that the moment Red Hat publishes a fix for gst-plugins-good, a patched-image rebuild becomes available without requiring manual configuration. In the interim, compensating controls are worth considering: network-policy isolation to restrict which workloads can load arbitrary audio files, egress filtering on pipelines that invoke GStreamer-based processing, and feature-flag or capability gating to disable WavPack decoding where it is not required by the application. For customers with auto-remediation enabled, once a fix version is published the full flow (image rebuild, regression run, and PR opened against affected workloads) will trigger automatically. Customers without auto-remediation will see the patched image flagged as available in the HarborGuard dashboard for manual promotion.

Affected packages
  • Red Hat / Red Hat Enterprise Linux 10
  • Red Hat / Red Hat Enterprise Linux 7
  • Red Hat / Red Hat Enterprise Linux 8
  • Red Hat / Red Hat Enterprise Linux 9

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H