Red Hat Product Errata
RHSA-2026:19180 - Security Advisory

Issued: 2026-05-19
Updated: 2026-05-19

Synopsis
Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

Type/Severity
Security Advisory: Important

Topic
An update for multiple packages is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):
  GStreamer: GStreamer: Arbitrary code execution via ASF file processing (CVE-2026-2920)
  GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser (CVE-2026-3082)
  GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085)
  GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921)
  GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083)
  GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer (CVE-2026-2922)
  GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling (CVE-2026-2923)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
  Red Hat Enterprise Linux for x86_64 9 x86_64
  Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
  Red Hat Enterprise Linux for IBM z Systems 9 s390x
  Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
  Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
  Red Hat Enterprise Linux for ARM 64 9 aarch64
  Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
  Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
  Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
  Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
  Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.8 x86_64
  Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.8 ppc64le
  Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.8 s390x
  Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.8 aarch64
  Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
  Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
  Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
  Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
  Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
  Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

Fixes
  BZ - 2447490 - CVE-2026-2920 GStreamer: GStreamer: Arbitrary code execution via ASF file processing
  BZ - 2447492 - CVE-2026-3082 GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser
  BZ - 2447495 - CVE-2026-3085 GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
  BZ - 2447496 - CVE-2026-2921 GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling
  BZ - 2447498 - CVE-2026-3083 GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay
  BZ - 2447500 - CVE-2026-2922 GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer
  BZ - 2447503 - CVE-2026-2923 GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

CVEs
  CVE-2026-2920
  CVE-2026-2921
  CVE-2026-2922
  CVE-2026-2923
  CVE-2026-3082
  CVE-2026-3083
  CVE-2026-3085

References
  https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 9
SRPM
  gstreamer1-plugins-bad-free-1.22.12-7.el9_8.src.rpm
  gstreamer1-plugins-base-1.22.12-8.el9_8.src.rpm
  gstreamer1-plugins-good-1.22.12-7.el9_8.src.rpm
  gstreamer1-plugins-ugly-free-1.22.12-6.el9_8.src.rpm

This Red Hat security advisory addresses multiple critical vulnerabilities in GStreamer, including heap-based buffer overflows and out-of-bounds writes in components like the JPEG parser, RealMedia demuxer, and RTP payloader, which can lead to remote code execution via malicious media file processing. The CVSS scores for the listed CVEs range from 7.8 to 8.8. Affected versions are GStreamer prior to version 1.28.1, and the fix is to upgrade the specified plugin packages to the patched version, 1.28.1.