CVE-2026-52720— Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb
Possible ATT&CK Techniques 2AI
T1203 · Exploitation for Client Execution T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 6
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | any | affected |
| Red Hat | Red Hat Enterprise Linux 6 | any | unknown |
| Red Hat | Red Hat Enterprise Linux 7 | any | affected |
any | affected | ||
| Red Hat | Red Hat Enterprise Linux 8 | any | affected |
| Red Hat | Red Hat Enterprise Linux 9 | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-52720
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb
Source: NVD (National Vulnerability Database)
Vulnerability Description
A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
堆缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
GStreamer 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GStreamer是GStreamer组织开源的一套用于处理流媒体的框架。 GStreamer存在缓冲区错误漏洞,该漏洞源于矩形边界检查错误验证区域而非单个维度,可能导致恶意VNC服务器发送超出帧缓冲区的矩形,造成堆越界写入,从而导致代码执行或崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
II. Public POCs for CVE-2026-52720
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-52720
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-52720 (1)
Vendor Advisories for CVE-2026-52720 (2)
Same Patch Batch · Red Hat · 2026-06-15 · 9 CVEs total
| CVE-2026-53705 | 7.6 HIGH | Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer ov |
| CVE-2026-52722 | 7.1 HIGH | Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor pay |
| CVE-2026-53703 | 7.1 HIGH | Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio str |
| CVE-2026-53704 | 7.1 HIGH | Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo |
| CVE-2026-52719 | 7.1 HIGH | Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validat |
| CVE-2026-52718 | 6.5 MEDIUM | Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byt |
| CVE-2026-52721 | 5.3 MEDIUM | Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp |
| CVE-2026-44188 | 5.3 MEDIUM | Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-56211
Libaom: libaom: remote code execution via svc layer context - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-56209
Libaom: libaom: arbitrary address write via svc layer contex - CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa - CVE-2026-12505
Cifs-utils: local privilege escalation via forged cifs.spneg
Same vendor: Red Hat
- CVE-2026-12726
Awx: automation-controller: awx: github webhook second-order - CVE-2026-56211
Libaom: libaom: remote code execution via svc layer context - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa - CVE-2026-56209
Libaom: libaom: arbitrary address write via svc layer contex
Same weakness: CWE-122
- CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa - CVE-2026-3195
Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm - CVE-2026-45696
OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl( - CVE-2026-2467
Heap-based Buffer Overflow vulnerability in RTI Connext Prof - CVE-2026-42055
NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vuln
V. Comments for CVE-2026-52720
No comments yet