Issued at: 2026-07-10
Updated at: 2026-07-12
Synopsis
Important: gstreamer1-plugins-bad-free security update
Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.
Security Fix(es):
* gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tile_list_obu parser byte/bit confusion (CVE-2026-52718)
* gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder (CVE-2026-52719)
* gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb (CVE-2026-52720)
* gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling (CVE-2026-52722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.