CVE-2026-52722— Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling
Possible ATT&CK Techniques 1AI
T1203 · Exploitation for Client ExecutionAffected Version Matrix 6
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | any | affected |
| Red Hat | Red Hat Enterprise Linux 6 | any | unknown |
| Red Hat | Red Hat Enterprise Linux 7 | any | affected |
any | affected | ||
| Red Hat | Red Hat Enterprise Linux 8 | any | affected |
| Red Hat | Red Hat Enterprise Linux 9 | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-52722
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling
Source: NVD (National Vulnerability Database)
Vulnerability Description
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数溢出或超界折返
Source: NVD (National Vulnerability Database)
Vulnerability Title
GStreamer VMnc decoder 数字错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
VMnc decoder是GStreamer组织的一个视频解码器插件。 GStreamer VMnc decoder存在数字错误漏洞,该漏洞源于符号整数溢出,导致绕过长度检查并越界读取。远程攻击者可能诱使用户打开特制的VMnc文件,从而导致崩溃或信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
II. Public POCs for CVE-2026-52722
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-52722
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-52722 (1)
Other References for CVE-2026-52722 (1)
Same Patch Batch · Red Hat · 2026-06-15 · 9 CVEs total
| CVE-2026-52720 | 8.8 HIGH | Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectan |
| CVE-2026-53705 | 7.6 HIGH | Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer ov |
| CVE-2026-53703 | 7.1 HIGH | Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio str |
| CVE-2026-53704 | 7.1 HIGH | Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo |
| CVE-2026-52719 | 7.1 HIGH | Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validat |
| CVE-2026-52718 | 6.5 MEDIUM | Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byt |
| CVE-2026-52721 | 5.3 MEDIUM | Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp |
| CVE-2026-44188 | 5.3 MEDIUM | Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-56211
Libaom: libaom: remote code execution via svc layer context - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa - CVE-2026-56209
Libaom: libaom: arbitrary address write via svc layer contex - CVE-2026-12505
Cifs-utils: local privilege escalation via forged cifs.spneg
Same vendor: Red Hat
- CVE-2026-12726
Awx: automation-controller: awx: github webhook second-order - CVE-2026-56211
Libaom: libaom: remote code execution via svc layer context - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa - CVE-2026-56209
Libaom: libaom: arbitrary address write via svc layer contex
Same weakness: CWE-190
- CVE-2026-49346
libde265 has a heap buffer overflow in de265_image_get_buffe - CVE-2026-3196
Qemu-kvm: virtio-snd: integer overflow leading to unbounded - CVE-2026-8805
Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series - CVE-2026-44663
OpenEXR: Integer overflow in the HTJ2K decoder leads to heap - CVE-2026-55203
HAProxy - Integer Overflow in FCGI Demux Record Length Field
V. Comments for CVE-2026-52722
No comments yet