[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"public-cve-CVE-2026-53701":3,"news-by-cve-CVE-2026-53701-10":69},{"has_workaround":4,"affected_product_count":5,"references_preview":6,"source_identifier":12,"nvd_cvss_vector":13,"kev_ransomware_use":14,"has_solution":14,"affected_products_preview":15,"state":28,"assigner_org":29,"assigner_short_name":29,"nvd_cvss_severity":30,"exploit_count":31,"nuclei_template_count":31,"description":32,"attack_tactics":33,"date_published":36,"date_updated":37,"tags":38,"sources":39,"has_attack_graph":4,"id":41,"attack_technique_count":42,"sectors":43,"has_ai_summary":14,"cvss_severity":30,"nvd_cvss_score":44,"in_kev":14,"weaknesses":45,"cvss_score":44,"cvss_vector":13,"reference_count":42,"attack_techniques":48,"has_nuclei_templates":14,"title":60,"cvss_source":40,"has_exploit":14,"vendor_context":61,"remediation_summary":67,"cvss_version":68},true,4,[7,10],{"url":8,"source":9},"https://access.redhat.com/security/cve/CVE-2026-53701","cvelist",{"source":9,"url":11},"https://bugzilla.redhat.com/show_bug.cgi?id=2487611","53f830b8-0a3f-465b-8143-3b8a9948e749","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",false,[16,22,24,26],{"deployment":17,"vendor":18,"product":19,"sector":20,"subsector":21},"on-prem","Red Hat","Red Hat Enterprise Linux 10","operating-systems","linux-distro",{"vendor":18,"product":23,"sector":20,"subsector":21,"deployment":17},"Red Hat Enterprise Linux 7",{"vendor":18,"product":25,"sector":20,"subsector":21,"deployment":17},"Red Hat Enterprise Linux 8",{"vendor":18,"product":27,"sector":20,"subsector":21,"deployment":17},"Red Hat Enterprise Linux 9","PUBLISHED","","MEDIUM",0,"An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gst_h266_parser_parse_picture_partition() (gsth266parser.c), the loop iterates without checking that the slice index stays within bounds, writing past three fixed-size arrays (slice_height_in_ctus, slice_top_left_ctu_x, slice_top_left_ctu_y) in the GstH266PPS structure. While the initial proof-of-concept demonstrated a 4-byte out-of-bounds write, the code permits larger writes across multiple iterations. A crafted H.266/VVC media file can trigger this vulnerability.",[34,35],"Initial Access","Privilege Escalation","2026-06-11T18:15:30Z","2026-06-11T19:16:47Z",[],[9,40],"nvd","CVE-2026-53701",2,[20],6.5,[46],{"cwe_id":47,"name":29},"CWE-787",[49,55],{"tactic":50,"tactic_name":34,"url":51,"confidence":52,"technique_id":53,"technique_name":54},"initial-access","https://attack.mitre.org/techniques/T1190/","high","T1190","Exploit Public-Facing Application",{"tactic":56,"tactic_name":35,"url":57,"confidence":52,"technique_id":58,"technique_name":59},"privilege-escalation","https://attack.mitre.org/techniques/T1068/","T1068","Exploitation for Privilege Escalation","Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture partition parser",[62],{"subsector":21,"vendor":63,"vendor_type":64,"country":65,"aliases":66,"sector":20},"red hat","commercial","US",[63],{"has_patch":14,"has_workaround":4},"3.1",{"cve_id":41,"items":70,"total":31},[]]