PULSE
EN VIVO7señales / 24h
FEED
ransomblackout reclama a yano.tokyo · JP · Technologyransomblackout reclama a www.miatech.net · US · Technologyransomblackout reclama a bluebellgroup.com · GB · Not Foundransomthegentlemen reclama a Ecopetrol · CO · Energyransomqilin reclama a City Ambulance Service · Healthcareransomqilin reclama a Famesa · PE · Agriculture and Food Productionransomkrybit reclama a euroins.bg · BG · Financial Servicesransomnova reclama a FMZ Tecnologia em Sistemas · BR · Technologyransomqilin reclama a Heartland Catfish · US · Agriculture and Food Productionransomqilin reclama a Salina Supply · US · Business Servicesransomqilin reclama a St Martha Catholic Church · US · Consumer Servicesransomqilin reclama a The Nueva School · US · Educationransomdragonforce reclama a NewNet · SA · Telecommunicationransomqilin reclama a Sicc · IT · Not Foundransomblackout reclama a yano.tokyo · JP · Technologyransomblackout reclama a www.miatech.net · US · Technologyransomblackout reclama a bluebellgroup.com · GB · Not Foundransomthegentlemen reclama a Ecopetrol · CO · Energyransomqilin reclama a City Ambulance Service · Healthcareransomqilin reclama a Famesa · PE · Agriculture and Food Productionransomkrybit reclama a euroins.bg · BG · Financial Servicesransomnova reclama a FMZ Tecnologia em Sistemas · BR · Technologyransomqilin reclama a Heartland Catfish · US · Agriculture and Food Productionransomqilin reclama a Salina Supply · US · Business Servicesransomqilin reclama a St Martha Catholic Church · US · Consumer Servicesransomqilin reclama a The Nueva School · US · Educationransomdragonforce reclama a NewNet · SA · Telecommunicationransomqilin reclama a Sicc · IT · Not Found
← Todos los CVEs
CVE Watch15 jul 2026

CVE-2026-3081

GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to

CVSS

7.8

Alto

EPSS

0.4%

p35

KEV

Exploit Today

10

0-100

Publicado: 16 mar 2026 · Última mod.: 15 jul 2026 · CWE-121 · CWE-120

EPSS · 30d
0.4%EPSS · 30 días0.4%
2026-06-302026-07-18
Descripción técnica

GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of decoding units. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28839.

Referencias oficiales
CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-312778.8 ALT
71.0%
KEV71Apple Multiple Products Buffer Overflow Vulnerability5d
CVE-2025-154678.8 ALT
98.7%
30Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.5d
CVE-2026-276548.2 ALT
97.4%
29NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.5d
CVE-2022-374349.8 CRÍ
96.5%
29zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).5d
CVE-2025-510878.6 ALT
94.0%
28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.15d
CVE-2025-510885.3 MED
92.6%
28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.15d