CVE-2026-46469

MEDIUM EPSS 1.1%

Published May 14, 20261mo ago · Modified Jun 17, 20261w ago

5.5 CVSS 3.1

Medium

Published May 14, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.

CVSS Details

Base Score

5.5

Exploitability

1.8

Impact

3.6

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

1.1% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-369

Affected Products 1

Vendor	Product	Version	Range
freedesktop	gst-plugins-good	*	<1.28.2

References 2

gitlab.freedesktop.org https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch

Patch
gstreamer.freedesktop.org https://gstreamer.freedesktop.org/security/sa-2026-0018.html

Vendor Advisory

Remediation

gitlab.freedesktop.org https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch

Patch