{"api_version":"1","generated_at":"2026-06-23T05:58:52+00:00","cve":"CVE-2026-52720","urls":{"html":"https://cve.report/CVE-2026-52720","api":"https://cve.report/api/cve/CVE-2026-52720.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-52720","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-52720"},"summary":{"title":"Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb","description":"A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.","state":"PUBLISHED","assigner":"redhat","published_at":"2026-06-15 20:16:32","updated_at":"2026-06-15 21:09:52"},"problem_types":["CWE-122","CWE-122 Heap-based Buffer Overflow"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Primary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5105","name":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5105","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2026-52720","name":"https://access.redhat.com/security/cve/CVE-2026-52720","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2486731","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2486731","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-52720","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-52720","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-05-19T00:00:00.000Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2026-06-15T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates if they become available.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank JUNYI LIU for reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"52720","cve":"CVE-2026-52720","epss":"0.004830000","percentile":"0.377720000","score_date":"2026-06-22","updated_at":"2026-06-23 00:09:30"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-52720","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-15T19:55:56.765375Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-15T19:56:22.065Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","packageName":"gstreamer1-plugins-bad-free","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unknown","packageName":"gstreamer-plugins-bad-free","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"affected","packageName":"gstreamer1-plugins-bad-free","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"affected","packageName":"gstreamer-plugins-bad-free","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"affected","packageName":"gstreamer1-plugins-bad-free","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","packageName":"gstreamer1-plugins-bad-free","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"Red Hat would like to thank JUNYI LIU for reporting this issue."}],"datePublic":"2026-06-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-122","description":"Heap-based Buffer Overflow","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-15T19:15:19.808Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-52720"},{"name":"RHBZ#2486731","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2486731"},{"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5105"}],"timeline":[{"lang":"en","time":"2026-05-19T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-06-15T00:00:00.000Z","value":"Made public."}],"title":"Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb","workarounds":[{"lang":"en","value":"Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates if they become available."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-122: Heap-based Buffer Overflow"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2026-52720","datePublished":"2026-06-15T19:15:19.808Z","dateReserved":"2026-06-08T11:07:26.008Z","dateUpdated":"2026-06-15T19:56:22.065Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-15 20:16:32","lastModifiedDate":"2026-06-15 21:09:52","problem_types":["CWE-122","CWE-122 Heap-based Buffer Overflow"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"52720","Ordinal":"1","Title":"Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via","CVE":"CVE-2026-52720","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"52720","Ordinal":"1","NoteData":"A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.","Type":"Description","Title":"Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via"}]}}}