Description
A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.
Published: 2026-06-15
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap buffer overflow exists in GStreamer's RFB/VNC client (librfb) where the rectangle bounds check validates the area instead of individual width and height values. This flaw allows a malicious VNC server to transmit a rectangle that exceeds the framebuffer bounds, causing an out-of-bounds heap write. The overflow can lead to arbitrary code execution or a process crash, compromising the integrity of the application and potentially the system if privileges are elevated.
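The check described above and in the Description, shown as an added illustration that is not GStreamer's own code: an area-only comparison beside a per-dimension bounds check, with constructed framebuffer and rectangle values. The function names and the 800x600 framebuffer are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustration of the flaw class described above, not GStreamer's code.
 * An RFB FramebufferUpdate rectangle carries x, y, width and height; the
 * client copies its pixels into a heap framebuffer of fb_w * fb_h pixels. */
/* Flawed check: accepts any rectangle whose area fits the framebuffer
 * area. A narrow but very tall rectangle, or one placed near the right
 * or bottom edge, passes and still extends past the buffer. */
bool rect_fits_by_area(uint32_t fb_w, uint32_t fb_h, uint32_t w, uint32_t h)
{
    return (uint64_t)w * h <= (uint64_t)fb_w * fb_h;
}

/* Corrected check: both edges, offset included, must lie inside the
 * framebuffer. Done in 64 bits so x + w cannot wrap around. */
bool rect_fits_by_bounds(uint32_t fb_w, uint32_t fb_h,
                         uint32_t x, uint32_t y, uint32_t w, uint32_t h)
{
    return (uint64_t)x + w <= fb_w && (uint64_t)y + h <= fb_h;
}

/* Byte offset one past the last pixel the rectangle would write, for a
 * framebuffer fb_w pixels wide at bpp bytes per pixel. Anything above
 * fb_w * fb_h * bpp is a write outside the heap buffer. */
uint64_t rect_end_offset(uint32_t fb_w, uint32_t bpp,
                         uint32_t x, uint32_t y, uint32_t w, uint32_t h)
{
    if (w == 0 || h == 0)
        return 0;
    return (((uint64_t)y + h - 1) * fb_w + ((uint64_t)x + w)) * bpp;
}

int main(void)
{
    /* Constructed values: an 800x600 32bpp framebuffer and a 2x100000
     * rectangle whose area (200000) is below the framebuffer's (480000). */
    const uint32_t fb_w = 800, fb_h = 600, bpp = 4;
    const uint32_t x = 0, y = 0, w = 2, h = 100000;
    printf("area check:   %s\n",
           rect_fits_by_area(fb_w, fb_h, w, h) ? "accepted" : "rejected");
    printf("bounds check: %s\n",
           rect_fits_by_bounds(fb_w, fb_h, x, y, w, h) ? "accepted" : "rejected");
    printf("write would end at byte %llu of a %llu-byte buffer\n",
           (unsigned long long)rect_end_offset(fb_w, bpp, x, y, w, h),
           (unsigned long long)fb_w * fb_h * bpp);
    return 0;
}
```

The area check accepts the tall rectangle while the per-dimension check rejects it; the end offset shows how far past the 1,920,000-byte buffer the copy would reach.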

Affected Systems

The issue affects Red Hat Enterprise Linux distributions from version 6 through version 10, as Red Hat security updates target these platforms. No specific patch release or version ranges are listed in the CNA data, so users should consider all affected releases as vulnerable until a fix is made available.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while the EPSS score of less than 1% suggests a low probability of widespread exploitation at present. The vulnerability is not currently listed in CISA’s KEV catalog. Based on the description, the likely attack vector is remote: an attacker controls a VNC server and persuades a user to connect to it. No local privilege escalation or user interaction beyond connecting is required, meaning the flaw can be triggered simply by a user initiating a VNC session with a crafted server. As no mitigation exists yet other than patching, the risk remains significant for systems that allow arbitrary VNC connections.

Generated by OpenCVE AI on June 16, 2026 at 22:44 UTC.

Remediation

Vendor Workaround

Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates if they become available.


OpenCVE Recommended Actions

  • Apply Red Hat security updates for GStreamer as soon as they are released
  • If new updates are not yet available, consider disabling or restricting the GStreamer RFB/VNC client on all hosts, for example by removing the librfb package or blocking VNC traffic with firewall rules
  • Continuously monitor logs and application stability for signs of crashes or anomalous heap accesses, and investigate any unexpected behavior promptly


Advisories

No advisories yet.

History

Tue, 16 Jun 2026 00:15:00 +0000

Type: References
Values Removed: (none)
Values Added: (none)

Type: Metrics, threat_severity
Values Removed: None
Values Added: Important


Mon, 15 Jun 2026 20:30:00 +0000

Type: Metrics, ssvc
Values Removed: (none)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 19:30:00 +0000

Type: Description
Values Added: A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.

Type: Title
Values Added: Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb

Type: First Time appeared
Values Added: Redhat; Redhat enterprise Linux

Type: Weaknesses
Values Added: CWE-122

Type: CPEs
Values Added:
  cpe:/o:redhat:enterprise_linux:10
  cpe:/o:redhat:enterprise_linux:6
  cpe:/o:redhat:enterprise_linux:7
  cpe:/o:redhat:enterprise_linux:8
  cpe:/o:redhat:enterprise_linux:9

Type: Vendors & Products
Values Added: Redhat; Redhat enterprise Linux

Type: References
Values Added: (none)

Type: Metrics, cvssV3_1
Values Added: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-15T19:56:22.065Z

Reserved: 2026-06-08T11:07:26.008Z

Link: CVE-2026-52720

Vulnrichment

Updated: 2026-06-15T19:56:06.041Z

NVD

Status: Awaiting Analysis

Published: 2026-06-15T20:16:32.580

Modified: 2026-06-15T21:09:52.020

Link: CVE-2026-52720

Redhat

Severity: Important

Public Date: 2026-06-15T00:00:00Z

Links: CVE-2026-52720 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-16T22:45:03Z

Weaknesses
  • CWE-122: Heap-based Buffer Overflow