Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

openSUSE gstreamer-plugins-bad Important Buffer Overflow Issues 2026-3058-1

opensuse
Calendar Grey July 15, 2026
Dist Opensuse Esm H88
Update available for gstreamer-plugins-bad addressing seven important issues including multiple heap and stack overflows.
An update that solves seven vulnerabilities can now be installed.

Description

This update for gstreamer-plugins-bad fixes the following issues

* CVE-2026-12892: 1-byte heap out-of-bounds read in H.264 NAL extension slice

parser (bsc#1268971).

* CVE-2026-14935: webrtcbin accepts remote SDP without a=fingerprint due to

inverted presence check (bsc#1271051).

* CVE-2026-52720: invalid check of total area instead of individual dimensions

could trigger a heap out-of-bounds write (bsc#1268406).

* CVE-2026-52721: crafted PCAP records during IPv4 or TCP header parsing could

cause an out-of-bounds read (bsc#1268408).

* CVE-2026-52722: crafted VMnc stream with large cursor dimensions can

overflow signed integer (bsc#1268410).

* CVE-2026-53702: incorrect loop bound during H.265 SEI message parsing could

result in a stack buffer overflow (bsc#1268168).

* CVE-2026-59692: unvalidated peer certificate Subject DN printed during a

DTLS handshake could cause a stack buffer overflow (bsc#1271168).

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP6 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3058=1

* SUSE Package Hub 15 15-SP7

zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-3058=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3058=1

* Desktop Applications Module 15-SP7

zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-3058=1

* openSUSE Leap 15.6

zypper in -t patch SUSE-2026-3058=1

* Basesystem Module 15-SP7

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-3058=1

Package List

* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)

* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.9.1

* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.9.1

* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.9.1

* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.9.1

* libgstwebrtc-1_0-0-1.24.0-150600.4.9.1

* libgstcodecs-1_0-0-1.24.0-150600.4.9.1

* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.9.1

* libgstmpegts-1_0-0-1.24.0-150600.4.9.1

* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.9.1

* typelib-1_0-GstVa-1_0-1.24.0-150600.4.9.1

* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.9.1

* libgstisoff-1_0-0-1.24.0-150600.4.9.1

* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.9.1

* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.9.1

* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.9.1

* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.9.1

* libgstplay-1_0-0-1.24.0-150600.4.9.1

* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.9.1

* libgstcuda-1_0-0-1.24.0-150600.4.9.1

*...

Read the Full Advisory

References

* bsc#1268168

* bsc#1268406

* bsc#1268408

* bsc#1268410

* bsc#1268971

* bsc#1271051

* bsc#1271168

## References:

* https://www.suse.com/security/cve/CVE-2026-12892.html

* https://www.suse.com/security/cve/CVE-2026-14935.html

* https://www.suse.com/security/cve/CVE-2026-52720.html

* https://www.suse.com/security/cve/CVE-2026-52721.html

* https://www.suse.com/security/cve/CVE-2026-52722.html

* https://www.suse.com/security/cve/CVE-2026-53702.html

* https://www.suse.com/security/cve/CVE-2026-59692.html

* https://bugzilla.suse.com/show_bug.cgi?id=1268168

* https://bugzilla.suse.com/show_bug.cgi?id=1268406

* https://bugzilla.suse.com/show_bug.cgi?id=1268408

* https://bugzilla.suse.com/show_bug.cgi?id=1268410

* https://bugzilla.suse.com/show_bug.cgi?id=1268971

* https://bugzilla.suse.com/show_bug.cgi?id=1271051

* https://bugzilla.suse.com/show_bug.cgi?id=1271168

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:3058-1
Release Date: 2026-07-15T13:32:28Z
Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.