Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-1940

Опубликовано: 23 мар. 2026
Источник: nvd
CVSS3: 5.1
EPSS Низкий

Описание

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.

Ссылки

EPSS

Процентиль: 4%
0.00017
Низкий

5.1 Medium

CVSS3

Дефекты

CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2026-1940

CVSS3: 5.1
ubuntu
22 дня назад

[Unknown description]

redhat логотип

CVE-2026-1940

CVSS3: 5.1
redhat
около 1 месяца назад

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.

debian логотип

CVE-2026-1940

CVSS3: 5.1
debian
9 дней назад

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in g ...

github логотип

GHSA-9wvw-r6fm-6wwv

CVSS3: 5.1
github
9 дней назад

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.

EPSS

Процентиль: 4%
0.00017
Низкий

5.1 Medium

CVSS3

Дефекты

CWE-125