Cyber Resilience

CVE-2026-46470

Medium

Published: 14 May 2026

Modified: 19 May 2026
CVSS Score v3.1: 4.0 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0021 (11.1th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-46470 is a medium-severity Divide By Zero (CWE-369) vulnerability in Freedesktop Gst-Plugins-Good. Its CVSS base score is 4.0 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 11.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

An integer division by zero in the MP4 parser directly enables an application crash via crafted input (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

freedesktop
gst-plugins-good
≤ 1.28.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References