UBUNTU-CVE-2026-12892
- Source
- https://ubuntu.com/security/CVE-2026-12892
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-12892.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-12892
- Upstream
- Published
- 2026-06-23T21:16:00Z
- Modified
- 2026-06-25T17:12:18Z
- Severity
-
- 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary information without first verifying that the NAL unit contains enough data beyond the extension header. An attacker could exploit this by tricking a user into opening a malicious H.264 video file, potentially causing the application to crash or leak a single byte of heap memory.
- References
Affected packages
Ubuntu:14.04:LTS
gst-plugins-bad1.0
Package
- Name
- gst-plugins-bad1.0
- Purl
- pkg:deb/ubuntu/gst-plugins-bad1.0?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.2.0-3ubuntu5
1.2.1-1ubuntu1
1.2.1-1ubuntu2
1.2.2-1ubuntu1
1.2.2-1ubuntu2
1.2.2-1ubuntu4
1.2.3-1ubuntu1
1.2.3-1ubuntu2
1.2.4-1~ubuntu1
1.2.4-1~ubuntu1.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gstreamer1.0-hybris",
"binary_version": "1.2.4-1~ubuntu1.1"
},
{
"binary_name": "gstreamer1.0-plugins-bad",
"binary_version": "1.2.4-1~ubuntu1.1"
},
{
"binary_name": "gstreamer1.0-plugins-bad-faad",
"binary_version": "1.2.4-1~ubuntu1.1"
},
{
"binary_name": "gstreamer1.0-plugins-bad-videoparsers",
"binary_version": "1.2.4-1~ubuntu1.1"
},
{
"binary_name": "libgstreamer-plugins-bad1.0-0",
"binary_version": "1.2.4-1~ubuntu1.1"
}
]
}Ubuntu:25.10
gst-plugins-bad1.0
Package
- Name
- gst-plugins-bad1.0
- Purl
- pkg:deb/ubuntu/gst-plugins-bad1.0?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.26.0-1ubuntu2
1.26.2-1ubuntu1
1.26.3-1ubuntu1
1.26.4-1ubuntu1
1.26.5-1ubuntu2
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.26.5-1ubuntu2",
"binary_name": "gir1.2-gst-plugins-bad-1.0"
},
{
"binary_name": "gstreamer1.0-opencv",
"binary_version": "1.26.5-1ubuntu2"
},
{
"binary_version": "1.26.5-1ubuntu2",
"binary_name": "gstreamer1.0-plugins-bad"
},
{
"binary_name": "gstreamer1.0-plugins-bad-apps",
"binary_version": "1.26.5-1ubuntu2"
},
{
"binary_name": "libgstreamer-opencv1.0-0",
"binary_version": "1.26.5-1ubuntu2"
},
{
"binary_name": "libgstreamer-plugins-bad1.0-0",
"binary_version": "1.26.5-1ubuntu2"
}
]
}Ubuntu:26.04:LTS
gst-plugins-bad1.0
Package
- Name
- gst-plugins-bad1.0
- Purl
- pkg:deb/ubuntu/gst-plugins-bad1.0?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.26.5-1ubuntu2
1.27.2-1ubuntu1
1.27.90-1ubuntu2
1.28.0-1ubuntu2
1.28.1-2ubuntu2
1.28.1-2ubuntu3
1.28.2-1ubuntu1
1.28.2-1ubuntu1.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-bad-1.0",
"binary_version": "1.28.2-1ubuntu1.1"
},
{
"binary_name": "gir1.2-gst-plugins-extra-1.0",
"binary_version": "1.28.2-1ubuntu1.1"
},
{
"binary_name": "gstreamer1.0-opencv",
"binary_version": "1.28.2-1ubuntu1.1"
},
{
"binary_name": "gstreamer1.0-plugins-bad",
"binary_version": "1.28.2-1ubuntu1.1"
},
{
"binary_name": "gstreamer1.0-plugins-bad-apps",
"binary_version": "1.28.2-1ubuntu1.1"
},
{
"binary_version": "1.28.2-1ubuntu1.1",
"binary_name": "gstreamer1.0-plugins-extra"
},
{
"binary_name": "libgstreamer-opencv1.0-0",
"binary_version": "1.28.2-1ubuntu1.1"
},
{
"binary_name": "libgstreamer-plugins-bad1.0-0",
"binary_version": "1.28.2-1ubuntu1.1"
},
{
"binary_name": "libgstreamer-plugins-extra1.0-0",
"binary_version": "1.28.2-1ubuntu1.1"
}
]
}Ubuntu:Pro:16.04:LTS
gst-plugins-bad1.0
Package
- Name
- gst-plugins-bad1.0
- Purl
- pkg:deb/ubuntu/gst-plugins-bad1.0?arch=source&distro=esm-apps%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.6.0-1ubuntu1
1.6.1-1ubuntu1
1.6.2-1ubuntu1
1.7.1-1ubuntu1
1.7.1-1ubuntu3
1.7.1-1ubuntu4
1.7.2-1ubuntu1
1.7.90-1ubuntu2
1.7.91-1ubuntu1
1.8.0-1ubuntu1
1.8.1-1ubuntu0.1
1.8.2-1ubuntu0.1
1.8.2-1ubuntu0.2
1.8.3-1ubuntu0.2
1.8.3-1ubuntu0.2+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-bad-1.0",
"binary_version": "1.8.3-1ubuntu0.2+esm1"
},
{
"binary_name": "gstreamer1.0-hybris",
"binary_version": "1.8.3-1ubuntu0.2+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-bad",
"binary_version": "1.8.3-1ubuntu0.2+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-bad-faad",
"binary_version": "1.8.3-1ubuntu0.2+esm1"
},
{
"binary_version": "1.8.3-1ubuntu0.2+esm1",
"binary_name": "gstreamer1.0-plugins-bad-videoparsers"
},
{
"binary_name": "libgstreamer-plugins-bad1.0-0",
"binary_version": "1.8.3-1ubuntu0.2+esm1"
}
]
}Ubuntu:Pro:18.04:LTS
gst-plugins-bad1.0
Package
- Name
- gst-plugins-bad1.0
- Purl
- pkg:deb/ubuntu/gst-plugins-bad1.0?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.12.3-1ubuntu1
1.12.3-1ubuntu2
1.12.3-2ubuntu1
1.12.4-2ubuntu1
1.12.4-2ubuntu2
1.13.1-1ubuntu1
1.13.91-1ubuntu1
1.14.0-1ubuntu1
1.14.1-1ubuntu1~ubuntu18.04.1
1.14.4-1ubuntu1~ubuntu18.04.1
1.14.5-0ubuntu1~18.04.1
1.14.5-0ubuntu1~18.04.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-bad-1.0",
"binary_version": "1.14.5-0ubuntu1~18.04.1+esm1"
},
{
"binary_version": "1.14.5-0ubuntu1~18.04.1+esm1",
"binary_name": "gstreamer1.0-opencv"
},
{
"binary_name": "gstreamer1.0-plugins-bad",
"binary_version": "1.14.5-0ubuntu1~18.04.1+esm1"
},
{
"binary_name": "libgstreamer-opencv1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.1+esm1"
},
{
"binary_name": "libgstreamer-plugins-bad1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.1+esm1"
}
]
}Ubuntu:Pro:20.04:LTS
gst-plugins-bad1.0
Package
- Name
- gst-plugins-bad1.0
- Purl
- pkg:deb/ubuntu/gst-plugins-bad1.0?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.16.1-1ubuntu1
1.16.1-1ubuntu3
1.16.1-1ubuntu4
1.16.1-1ubuntu5
1.16.1-1ubuntu6
1.16.1-1ubuntu8
1.16.2-1ubuntu1
1.16.2-1ubuntu2
1.16.2-2ubuntu1
1.16.2-2.1ubuntu1
1.16.3-0ubuntu1
1.16.3-0ubuntu1.1
1.16.3-0ubuntu1.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-bad-1.0",
"binary_version": "1.16.3-0ubuntu1.1+esm1"
},
{
"binary_name": "gstreamer1.0-opencv",
"binary_version": "1.16.3-0ubuntu1.1+esm1"
},
{
"binary_version": "1.16.3-0ubuntu1.1+esm1",
"binary_name": "gstreamer1.0-plugins-bad"
},
{
"binary_name": "libgstreamer-opencv1.0-0",
"binary_version": "1.16.3-0ubuntu1.1+esm1"
},
{
"binary_name": "libgstreamer-plugins-bad1.0-0",
"binary_version": "1.16.3-0ubuntu1.1+esm1"
}
]
}Ubuntu:Pro:22.04:LTS
gst-plugins-bad1.0
Package
- Name
- gst-plugins-bad1.0
- Purl
- pkg:deb/ubuntu/gst-plugins-bad1.0?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.18.5-1ubuntu1
1.18.5-1ubuntu3
1.20.0-2ubuntu2
1.20.1-1ubuntu2
1.20.3-0ubuntu1
1.20.3-0ubuntu1.1
1.20.3-0ubuntu1.1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-bad-1.0",
"binary_version": "1.20.3-0ubuntu1.1+esm2"
},
{
"binary_name": "gstreamer1.0-opencv",
"binary_version": "1.20.3-0ubuntu1.1+esm2"
},
{
"binary_version": "1.20.3-0ubuntu1.1+esm2",
"binary_name": "gstreamer1.0-plugins-bad"
},
{
"binary_name": "gstreamer1.0-plugins-bad-apps",
"binary_version": "1.20.3-0ubuntu1.1+esm2"
},
{
"binary_name": "gstreamer1.0-wpe",
"binary_version": "1.20.3-0ubuntu1.1+esm2"
},
{
"binary_name": "libgstreamer-opencv1.0-0",
"binary_version": "1.20.3-0ubuntu1.1+esm2"
},
{
"binary_version": "1.20.3-0ubuntu1.1+esm2",
"binary_name": "libgstreamer-plugins-bad1.0-0"
}
]
}Ubuntu:Pro:24.04:LTS
gst-plugins-bad1.0
Package
- Name
- gst-plugins-bad1.0
- Purl
- pkg:deb/ubuntu/gst-plugins-bad1.0?arch=source&distro=esm-apps%2Fnoble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.22.4-1ubuntu1
1.22.4-1ubuntu2
1.22.4-1ubuntu4
1.22.9-2ubuntu1
1.24.0-1ubuntu3
1.24.0-1ubuntu4
1.24.2-1ubuntu4
1.24.2-1ubuntu4+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-bad-1.0",
"binary_version": "1.24.2-1ubuntu4+esm1"
},
{
"binary_name": "gstreamer1.0-opencv",
"binary_version": "1.24.2-1ubuntu4+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-bad",
"binary_version": "1.24.2-1ubuntu4+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-bad-apps",
"binary_version": "1.24.2-1ubuntu4+esm1"
},
{
"binary_name": "libgstreamer-opencv1.0-0",
"binary_version": "1.24.2-1ubuntu4+esm1"
},
{
"binary_name": "libgstreamer-plugins-bad1.0-0",
"binary_version": "1.24.2-1ubuntu4+esm1"
}
]
}