CVE-2026-1940

Source
https://cve.org/CVERecord?id=CVE-2026-1940
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1940.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-1940
Downstream
Published
2026-03-23T21:26:14.719Z
Modified
2026-07-15T01:49:05.401661185Z
Severity
  • 5.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
Gstreamer: incomplete fix of cve-2026-1940
Details

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GSTROUNDUP2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/1xxx/CVE-2026-1940.json",
    "cna_assigner": "redhat"
}
References

Affected packages

Git / github.com/gstreamer/gstreamer

Affected ranges

Type
GIT
Repo
https://github.com/gstreamer/gstreamer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.28.1"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.0.0
1.0.1
1.0.2
1.1.1
1.1.2
1.1.3
1.1.4
1.1.90
1.10.0
1.11.0
1.11.1
1.11.2
1.11.90
1.11.91
1.12.0
1.13.1
1.13.90
1.13.91
1.14.0
1.15.1
1.15.2
1.15.90
1.16.0
1.17.1
1.17.2
1.17.90
1.18.0
1.19.1
1.19.2
1.19.3
1.19.90
1.2.0
1.20.0
1.21.1
1.21.2
1.21.3
1.21.90
1.22.0
1.23.1
1.23.2
1.23.90
1.24.0
1.25.1
1.25.50
1.25.90
1.26.0
1.27.1
1.27.2
1.27.50
1.27.90
1.28.0
1.3.1
1.3.2
1.3.3
1.3.90
1.3.91
1.4.0
1.5.1
1.5.2
1.5.90
1.5.91
1.6.0
1.7.1
1.7.2
1.7.90
1.7.91
1.8.0
1.9.1
1.9.2
1.9.90
Other
BEFORE_INDENT
BRANCH-AUTOPLUG2-ROOT
BRANCH-BUILD1-200112061-ROOT
BRANCH-BUILD1-200112101-ROOT
BRANCH-BUILD1-20011216-FREEZE
BRANCH-BUILD1-ROOT
BRANCH-CAPSNEGO1-ROOT
BRANCH-ERROR-ROOT
BRANCH-EVENTS1-200110161-ROOT
BRANCH-EVENTS1-ROOT
BRANCH-EVENTS2-ROOT
BRANCH-GOBJECT1-200106241-ROOT
BRANCH-GOBJECT1-ROOT
BRANCH-GSTREAMER-0_6-ROOT
BRANCH-GSTREAMER-0_8-ROOT
BRANCH-INCSCHED1-200104161-ROOT
BRANCH-INCSCHED1-200104251-ROOT
BRANCH-INCSCHED1-200105231-ROOT
BRANCH-INCSCHED1-200105251-ROOT
BRANCH-INCSCHED1-ROOT
BRANCH-PLUGINVER1-20010422-ROOT
BRANCH-PLUGINVER1-ROOT
BRANCH-RELEASE-0_3_3-ROOT
BRANCH-RELEASE-0_3_4-ROOT
BRANCH-RELEASE-0_4_0-ROOT
BRANCH-RELEASE-0_4_1-ROOT
BRANCH-RELEASE-0_4_2-ROOT
BRANCH-RELEASE-0_5_0-ROOT
BRANCH-RELEASE-0_5_1-ROOT
BRANCH-RELEASE-0_5_2-ROOT
BRANCH-RELEASE-0_7_2-ROOT
BRANCH-RELEASE-0_7_4-ROOT
BRANCH-RELEASE-0_7_5-ROOT
CAPS-MERGE-1
CAPS-MERGE-2
CAPS-MERGE-3
CAPS-ROOT
CHANGELOG_START
DEBIAN-0_3_1-1
EVENTS1-200110161-FREEZE
GIT_CONVERSION
GOBJECT1-200106241
GOBJECT1-200106241-FREEZE
HEAD-20010306-PRE_AUTOPLUG2
HEAD-20010312-PRE_CAPSNEGO1
INCSCHED1-200105251
INCSCHED1-200105251-FREEZE
MOVE-TO-FDO
OSLOSUMMIT1-200303051
PLUGINVER1-20010422
PLUGINVER1-20010422-FREEZE
RELEASE-0_10_0
RELEASE-0_10_1
RELEASE-0_10_10
RELEASE-0_10_11
RELEASE-0_10_12
RELEASE-0_10_13
RELEASE-0_10_14
RELEASE-0_10_15
RELEASE-0_10_16
RELEASE-0_10_17
RELEASE-0_10_18
RELEASE-0_10_2
RELEASE-0_10_20
RELEASE-0_10_21
RELEASE-0_10_22
RELEASE-0_10_3
RELEASE-0_10_4
RELEASE-0_10_5
RELEASE-0_10_6
RELEASE-0_10_7
RELEASE-0_10_8
RELEASE-0_10_9
RELEASE-0_1_0-SLIPSTREAM
RELEASE-0_1_1-DUCTTAPE
RELEASE-0_2_0-CRITICALMASS
RELEASE-0_2_1-SEDIMASTER
RELEASE-0_2_1-UNKN
RELEASE-0_3_0-EVENTFUL
RELEASE-0_3_1-BELGIANBEER
RELEASE-0_3_2-DOBDAY
RELEASE-0_7_1
RELEASE-0_7_2
RELEASE-0_7_3
RELEASE-0_7_6
RELEASE-0_8_0
RELEASE-0_8_1
RELEASE-0_8_2
RELEASE-0_8_3
RELEASE-0_8_4
RELEASE-0_8_6
RELEASE-0_8_7
RELEASE-0_8_8
RELEASE-0_8_9
RELEASE-0_9_2
RELEASE-0_9_3
RELEASE-0_9_4
RELEASE-0_9_5
RELEASE-0_9_6
RELEASE-0_9_7
TYPEFIND-ROOT
monorepo-start
start
RELEASE-0.*
RELEASE-0.10.23
RELEASE-0.10.24
RELEASE-0.10.25
RELEASE-0.10.26
RELEASE-0.10.27
RELEASE-0.10.28
RELEASE-0.10.29
RELEASE-0.10.30
RELEASE-0.10.31
RELEASE-0.11.0
RELEASE-0.11.1
RELEASE-0.11.2
RELEASE-0.11.90
RELEASE-0.11.91
RELEASE-0.11.92
RELEASE-0.11.93
RELEASE-0.11.94
RELEASE-0.11.99

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1940.json"