Red Hat Product Errata RHSA-2026:8874 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8874 - Security Advisory Overview Updated Packages Synopsis Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for multiple packages is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser (CVE-2026-3082) GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085) GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921) GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2447492 - CVE-2026-3082 GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser BZ - 2447495 - CVE-2026-3085 GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay BZ - 2447496 - CVE-2026-2921 GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling BZ - 2447498 - CVE-2026-3083 GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay CVEs CVE-2026-2921 CVE-2026-3082 CVE-2026-3083 CVE-2026-3085 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM gstreamer1-plugins-bad-free-1.18.4-9.el9_2.src.rpm SHA-256: 835b9c3c0de1f94becbeb9de2cb2a0cd822ab7257d82ce8070a04ee44f222f53 gstreamer1-plugins-base-1.18.4-8.el9_2.src.rpm SHA-256: ca998f86d64166e53a4d307ede430cbb5b42791ec33a802d253100e8df376367 gstreamer1-plugins-good-1.18.4-8.el9_2.src.rpm SHA-256: d908f733f435e831aed8bcf66cc3facca566c895679ff207fe3a31ca1ddca80d x86_64 gstreamer1-plugins-bad-free-1.18.4-9.el9_2.i686.rpm SHA-256: 24f1760c7a91627c865a25ea5e81e07574cc040ec21a2c99a965001aa96f2f84 gstreamer1-plugins-bad-free-1.18.4-9.el9_2.x86_64.rpm SHA-256: f8727433ebfe25ead891c34dac1d975a68ad27535e62a3b3a5ca6646841786a5 gstreamer1-plugins-bad-free-debuginfo-1.18.4-9.el9_2.i686.rpm SHA-256: 138208c542f8ce2a976d20c3b396a6d131dad4bda8fbd96723482aee0e063d48 gstreamer1-plugins-bad-free-debuginfo-1.18.4-9.el9_2.x86_64.rpm SHA-256: b988de78f02c2482c34e6ae3cd68dd1935bce5a44640c90ab50884f6e67b7083 gstreamer1-plugins-bad-free-debugsource-1.18.4-9.el9_2.i686.rpm SHA-256: 1e06f0da67a31199b20f64fb767575cbc6366f84b7737080ce29bdd651e2c635 gstreamer1-plugins-bad-free-debugsource-1.18.4-9.el9_2.x86_64.rpm SHA-256: 0bae89e07a981e57f97be516e0cfa172e91b100dee3ff73abcd5a7406a0aebd7 gstreamer1-plugins-base-1.18.4-8.el9_2.i686.rpm SHA-256: 3978e698f31150a0e585bc8916a8c65059ba4c277776ad9a11c47808493118c0 gstreamer1-plugins-base-1.18.4-8.el9_2.x86_64.rpm SHA-256: 64334d97ee0d87536b90627348dac37c049a200fb3da00adec3cafa7c6960324 gstreamer1-plugins-base-debuginfo-1.18.4-8.el9_2.i686.rpm SHA-256: 1196d9824f5a41d0ee5187203dc95b420ed58ba36a9909ab44d2b4f7a907ae19 gstreamer1-plugins-base-debuginfo-1.18.4-8.el9_2.x86_64.rpm SHA-256: ebf3f1e37460e0848ca81a8807b5c90be1087bd42caac8581f36fe0fb224a62d gstreamer1-plugins-base-debugsource-1.18.4-8.el9_2.i686.rpm SHA-256: a2c1a378d2d2f0c189ee32aef7aa064acb6daa89c1faf836ce9dcdc1c8fde215 gstreamer1-plugins-base-debugsource-1.18.4-8.el9_2.x86_64.rpm SHA-256: 9b159bc5b2b058d9791de76ee95eebbcb06a0924db21797ffd3b12c244598094 gstreamer1-plugins-base-devel-1.18.4-8.el9_2.i686.rpm SHA-256: 8e0301593b30ee6bbf4f8b59b2399a691aad103b0361862438cd5bb818a55ee6 gstreamer1-plugins-base-devel-1.18.4-8.el9_2.x86_64.rpm SHA-256: 8aec8c6a6389cecc9ad74ef95f2e85405ba25242c210c1fd7352b354cf762dfd gstreamer1-plugins-base-tools-1.18.4-8.el9_2.x86_64.rpm SHA-256: a033d61f67738442ce25bf7a833e18f4ead8424b127e38c180c2481b8d7e5416 gstreamer1-plugins-base-tools-debuginfo-1.18.4-8.el9_2.i686.rpm SHA-256: ace00b99e5af28ea082c575027dff67cf0593b5566e06e21dbaa8db472d6eb4a gstreamer1-plugins-base-tools-debuginfo-1.18.4-8.el9_2.x86_64.rpm SHA-256: 3d071ad464627a0073cf83e69aca41900a945bd29ed847dbe669c9b97062cbdc gstreamer1-plugins-good-1.18.4-8.el9_2.i686.rpm SHA-256: 2d2ef418adaae37deb6a51dc7ef96fc2a40d21671f2a26211a993543e289e628 gstreamer1-plugins-good-1.18.4-8.el9_2.x86_64.rpm SHA-256: c92d79b2ba4da733a79f154f4ac1b123f0f534e610d89b8c870782f2563a17eb gstreamer1-plugins-good-debuginfo-1.18.4-8.el9_2.i686.rpm SHA-256: 4047587f05a977aeb4de822c028cb46348c5be34257d4ce93cd8a3840a66b5db gstreamer1-plugins-good-debuginfo-1.18.4-8.el9_2.x86_64.rpm SHA-256: 47bff4a99020427f6a7d40ad206fb02561428772cdf385c1f4c25309c02fe0c2 gstreamer1-plugins-good-debugsource-1.18.4-8.el9_2.i686.rpm SHA-256: d3179a3ffbc3da7c7d422393abbbd6bb5e16feea0269a7886f78c4ba1250fb93 gstreamer1-plugins-good-debugsource-1.18.4-8.el9_2.x86_64.rpm SHA-256: 710098aa2c39751d4eb079dd312c8379c8dc21d10e716ee62d8ef649ba66827f gstreamer1-plugins-good-gtk-1.18.4-8.el9_2.i686.rpm SHA-256: 1a9332a9661915dceff69429ad6c568e17710013afc4b703c449d3b15d44bb8b gstreamer1-plugins-good-gtk-1.18.4-8.el9_2.x86_64.rpm SHA-256: 05e8aaafbb184d614cba60ce658deb2b01cc6389d54aa837a6e8a9c380583713 gstreamer1-plugins-good-gtk-debuginfo-1.18.4-8.el9_2.i686.rpm SHA-256: a3170602daa4f34e440e5ad45413453d188f5d8daf9b5fdc0caee32ec4e0d87f gstreamer1-plugins-good-gtk-debuginfo-1.18.4-8.el9_2.x86_64.rpm SHA-256: 9d858cadecda01ba04a60330886fff676675e64848701d95ca3b577fb4b9d166 gstreamer1-plugins-good-qt-debuginfo-1.18.4-8.el9_2.i686.rpm SHA-256: fb2d74bc173b7d818b4aeefd506fff86ba4106576e6fa64aa09fd7d155be0c63 gstreamer1-plugins-good-qt-debuginfo-1.18.4-8.el9_2.x86_64.rpm SHA-256: 4fa68bd988d1acac20024b26f02299e32206f58298a77dfc7e24763647262919 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM gstreamer1-plugins-bad-free-1.18.4-9.el9_2.src.rpm SHA-256: 835b9c3c0de1f94becbeb9de2cb2a0cd822ab7257d82ce8070a04ee44f222f53 gstreamer1-plugins-base-1.18.4-8.el9_2.src.rpm SHA-256: ca998f86d64166e53a4d307ede430cbb5b42791ec33a802d253100e8df376367 gstreamer1-plugins-good-1.18.4-8.el9_2.src.rpm SHA-256: d908f733f435e831aed8bcf66cc3facca566c895679ff207fe3a31ca1ddca80d ppc64le gstreamer1-plugins-bad-free-1.18.4-9.el9_2.ppc64le.rpm SHA-256: 0e3431017c1e35598d539982d1d855b8842847cd1762918f7219fc5cc8c08f9f gstreamer1-plugins-bad-free-debuginfo-1.18.4-9.el9_2.ppc64le.rpm SHA-256: 95a403eb1c47544ba935a74c3d94b8d04a980ac5649fe661cf65c6b3eb0e2801 gstreamer1-plugins-bad-free-debugsource-1.18.4-9.el9_2.ppc64le.rpm SHA-256: e602292030f812f97e623ee0c86ad2fa396e9b2675e685ccc47e0673d22af4bc gstreamer1-plugins-base-1.18.4-8.el9_2.ppc64le.rpm SHA-256: 63f001e2ac8d51116d2c46bfaff15b4bb9e9d28e7957b44ac9faa77c31983c94 gstreamer1-plugins-base-debuginfo-1.18.4-8.el9_2.ppc64le.rpm SHA-256: 1f9c940b65723f62c40f8a343180bf227e26aa43e8577aa804301a553cf192b4 gstreamer1-plugins-base-debugsource-1.18.4-8.el9_2.ppc64le.rpm SHA-256: 0d35e9606669021987f0e63e5a86188665a00ddd18272537ed457bb1e2417cb0 gstreamer1-plugins-base-devel-1.18.4-8.el9_2.ppc64le.rpm SHA-256: 2a490c0bbf6110cd40e2a26ca8d2ae954d5dbb27d9b176d4445cf88aa53ae207 gstreamer1-plugins-base-tools-1.18.4-8.el9_2.ppc64le.rpm SHA-256: d63963874975dd978b1d39f1a9d30bf90635caebc7b41967811d07baa5f28aad gstreamer1-plugins-base-tools-debuginfo-1.18.4-8.el9_2.ppc64le.rpm SHA-256: 320ac763db30db36adb773d225cf7c97df48dc9b3d1fbd8245323ee1e9f43b15 gstreamer1-plugins-good-1.18.4-8.el9_2.ppc64le.rpm SHA-256: 518ae9bf40ed260f67d480c147e3e6a8ac8c718ce7605782c6e5e0538208e1ec gstreamer1-plugins-good-debuginfo-1.18.4-8.el9_2.ppc64le.rpm SHA-256: 18fa46dae46b443d8761f202d34b33a6c0fef8545cd85f262d1713a8351a04fe gstreamer1-plugins-good-debugsource-1.18.4-8.el9_2.ppc64le.rpm SHA-256: b8d20c2db80a88cd2270844c3b761248d0f8d236303ad4f888b27199f8c2980b gstreamer1-plugins-good-gtk-1.18.4-8.el9_2.ppc64le.rpm SHA-256: 4f99964871d10a2f24bc9ddd99368ac8461e86923b8f47d4fce958ff17ba1f64 gstreamer1-plugins-good-gtk-debuginfo-1.18.4-8.el9_2.ppc64le.rpm SHA-256: 53795e39434613f00545d2ddf0fb5354c179649a21763c46fe4d910e99f138f0 gstreamer1-plugins-good-qt-debuginfo-1.18.4-8.el9_2.ppc64le.rpm SHA-256: 5e180f691ecfa146142bd7ceecde488355d4ba81e4ad05f7f2500ecc6d6ae534 Red Hat Enterprise Linux for x86