RLSA-2026:36673

Source
https://errata.rockylinux.org/RLSA-2026:36673
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2026:36673.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2026:36673
Upstream
  • CVE-2026-53703
Published
2026-07-10T12:05:34.876921Z
Modified
2026-07-10T12:30:04.638193219Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVSS Calculator
Summary
Moderate: gstreamer1-plugins-ugly-free security update
Details

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins whose license is not fully compatible with LGPL.

Security Fix(es):

  • gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer audio stream header parser (CVE-2026-53703)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:10 / gstreamer1-plugins-ugly-free

Package

Name
gstreamer1-plugins-ugly-free
Purl
pkg:rpm/rocky-linux/gstreamer1-plugins-ugly-free?distro=rocky-linux-10&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.26.7-2.el10_2.1
Database specific
{
    "yum_repository": "AppStream"
}

Database specific

source
"https://storage.googleapis.com/resf-osv-data/RLSA-2026:36673.json"