Description
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure.
Published: 2026-06-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A signed integer overflow was discovered in the cursor payload handling of GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions wraps the signed integer arithmetic that computes the payload size, so a length check that compares the (now negative or undersized) result against the available data passes, and the decoder then reads past the end of its buffer. An attacker who lures a user into opening a malicious VMnc file could crash the decoding process or cause adjacent memory contents to be disclosed.
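The length-check bypass described above, as an added illustration that is not GStreamer's vmnc decoder code: a hypothetical cursor header with signed width, height and bytes-per-pixel fields, the overflowing size computation beside an overflow-checked replacement. The struct, field names, sanity limits and sample dimensions are assumptions made for this example; the real VMnc wire format and the exact expression in the decoder are not reproduced here. Genuine signed overflow is undefined behaviour, so the vulnerable function models the wraparound explicitly (unsigned multiply, cast back to int32_t) to keep the demonstration deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed for this example: a minimal cursor header with the kind of
 * fields a cursor rectangle carries. Names and types are assumptions, not
 * the decoder's real structures. */
typedef struct {
    int width;
    int height;
    int bpp;    /* bytes per pixel */
} cursor_hdr;

/* Vulnerable pattern (CWE-190): the payload size is computed in a signed
 * 32-bit int. The wraparound is modelled with unsigned math and a cast so the
 * demo is deterministic; on a two's-complement target this is what the
 * undefined-behaviour version produces in practice. A wrapped (negative or
 * small) value passes the "needed <= avail" check, so the caller goes on to
 * read width*height*bpp bytes from a buffer that holds only `avail`.
 * Returns 1 when the check is (wrongly) passed, 0 when it rejects. */
int vulnerable_length_check(const cursor_hdr *h, size_t avail)
{
    int32_t needed = (int32_t)((uint32_t)h->width * (uint32_t)h->height
                               * (uint32_t)h->bpp);
    if (needed > (int32_t)avail)    /* a negative `needed` always passes */
        return 0;
    return 1;
}

/* Hardened form: reject non-positive or implausible dimensions up front,
 * multiply in size_t with an overflow check before each step, and only then
 * compare against the bytes actually available. On success writes the
 * validated length to *needed and returns 1; returns 0 on rejection. */
int checked_length(const cursor_hdr *h, size_t avail, size_t *needed)
{
    const size_t MAX_DIM = 4096;    /* assumed sanity limits: cursors are small */
    const size_t MAX_BPP = 4;

    if (h->width <= 0 || h->height <= 0 || h->bpp <= 0)
        return 0;
    size_t w = (size_t)h->width, ht = (size_t)h->height, bpp = (size_t)h->bpp;
    if (w > MAX_DIM || ht > MAX_DIM || bpp > MAX_BPP)
        return 0;
    if (ht > SIZE_MAX / w)          /* w * ht would overflow size_t */
        return 0;
    size_t area = w * ht;
    if (bpp > SIZE_MAX / area)      /* area * bpp would overflow size_t */
        return 0;
    size_t total = area * bpp;
    if (total > avail)              /* the check the overflow used to bypass */
        return 0;
    *needed = total;
    return 1;
}

int main(void)
{
    /* Constructed inputs: a legitimate 16x16 32-bit cursor, and a crafted
     * 46341x46341x1 cursor whose byte count (2147488281) exceeds INT32_MAX and
     * wraps to a negative int32 in the vulnerable computation. */
    cursor_hdr ok = { 16, 16, 4 };
    cursor_hdr crafted = { 46341, 46341, 1 };
    size_t avail = 1024, n = 0;

    printf("legit   : vulnerable=%d checked=%d\n",
           vulnerable_length_check(&ok, avail), checked_length(&ok, avail, &n));
    printf("crafted : vulnerable=%d checked=%d\n",
           vulnerable_length_check(&crafted, avail),
           checked_length(&crafted, avail, &n));
    return 0;
}
```

With 1024 bytes available, the vulnerable check accepts both headers, while the checked version accepts only the 16x16 cursor. The sanity limits make the SIZE_MAX checks unreachable for these inputs; they are kept because the overflow-checked multiply is the pattern to carry into code that has no natural dimension cap.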

Affected Systems

The vulnerability affects Red Hat Enterprise Linux 6, 7, 8, 9 and 10 through the bundled GStreamer 1.0 plugins, specifically the gstreamer1-plugins-bad-free package, which ships the VMnc decoder.

Risk and Exploitability

The flaw carries a CVSS 3.1 base score of 7.1 (High; Red Hat rates it Important) and an EPSS score below 1%, so it is severe on paper but currently unlikely to be exploited in the wild. It is not listed in the CISA KEV catalog, and the SSVC assessment records no known exploitation and marks it as not automatable. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H) reflects a network-delivered file that the victim must open, with a high availability impact (crash) and a low confidentiality impact (out-of-bounds read); integrity is unaffected and no code execution is claimed. Because any application that hands untrusted media to GStreamer's decoders can reach the VMnc decoder, remediation should not be delayed.

Generated by OpenCVE AI on June 16, 2026 at 23:35 UTC.

Remediation

Vendor Workaround

Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates if they become available.


OpenCVE Recommended Actions

  • Apply the Red Hat security update for gstreamer1-plugins-bad-free that patches the VMnc decoder as soon as it is released.
  • Update the remaining gstreamer1 packages from the Red Hat repositories at the same time so that all GStreamer components are at matching versions.
  • Until the update is available, removing the vmnc plugin (or the whole gstreamer1-plugins-bad-free package, noting that other packages may depend on it) stops GStreamer from decoding VMnc streams at all; this is a local mitigation, not a Red Hat-endorsed workaround. Afterwards confirm that no other copy of the plugin remains on the system, for example in a container image or a third-party GStreamer build.
  • Red Hat states that no practical temporary workaround is available, so the security update remains the only complete fix.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 00:15:00 +0000

Type                     Values Removed   Values Added
References
Metrics threat_severity  None             Important


Mon, 15 Jun 2026 22:30:00 +0000

Type          Values Removed   Values Added
Metrics ssvc                   {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 19:30:00 +0000

Type                 Values Removed   Values Added
Description                           A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure.
Title                                 Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling
First Time appeared                   Redhat
                                      Redhat enterprise Linux
Weaknesses                            CWE-190
CPEs                                  cpe:/o:redhat:enterprise_linux:10
                                      cpe:/o:redhat:enterprise_linux:6
                                      cpe:/o:redhat:enterprise_linux:7
                                      cpe:/o:redhat:enterprise_linux:8
                                      cpe:/o:redhat:enterprise_linux:9
Vendors & Products                    Redhat
                                      Redhat enterprise Linux
References
Metrics cvssV3_1                      {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-15T22:08:54.736Z

Reserved: 2026-06-08T11:07:26.009Z

Link: CVE-2026-52722

Vulnrichment

Updated: 2026-06-15T22:08:50.621Z

NVD

Status : Awaiting Analysis

Published: 2026-06-15T20:16:32.830

Modified: 2026-06-15T21:09:52.020

Link: CVE-2026-52722

Redhat

Severity : Important

Public Date: 2026-06-15T00:00:00Z

Links: CVE-2026-52722 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-16T23:45:14Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound