Home / Vulnerability Intelligence / CVE-2026-3085

CVE-2026-3085 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 17, 2026

GStreamer - Remote Code Execution

Published: March 16, 2026Updated: March 17, 2026Remote Exploitable

Overview

GStreamer contains a heap-based buffer overflow caused by improper validation of user-supplied data length in X-QDM RTP payload processing, letting remote attackers execute arbitrary code, exploit requires interaction with the library.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 25.2%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code in the context of the current process, potentially leading to full system compromise.

Mitigation

Update to the latest version of GStreamer.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 16, 2026

🟠 CVE-2026-3085 - High (8.8) GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploi... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3085/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-3085
Severity: High
CVSS Score: 8.8
Type: buffer_overflow
Status: confirmed
EPSS: 25.2%
Social Posts: 1

CWE

CWE-122

CVSS Metrics

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

25.2%Probability of exploitation in the next 30 days