CVE-2026-52720
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk41th percentile - higher than 41% of all known CVEs
Summary
A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). Incorrect rectangle bounds validation allows a malicious VNC server to send a rectangle extending beyond the framebuffer, leading to an out-of-bounds heap write.
Risk Assessment
A remote attacker can set up a malicious VNC server and trick a user into connecting, potentially resulting in arbitrary code execution or a crash, leading to system compromise.
Recommendation
Update GStreamer to the patched version immediately. Until then, avoid connecting to untrusted VNC servers.
Original NVD description (English source)
A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.

