CVE-2026-52720
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.
Affected Software
| Vendor | Product | Version Range | Status |
|---|
Weaknesses
- CWE-122: Heap-based Buffer Overflow
Workarounds
Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates if they become available.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb
Additional References
- https://access.redhat.com/security/cve/CVE-2026-52720
- https://bugzilla.redhat.com/show_bug.cgi?id=2486731
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-52720.json
References
- https://access.redhat.com/security/cve/CVE-2026-52720
- https://bugzilla.redhat.com/show_bug.cgi?id=2486731
- https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5105
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.