CVE Catalog

CVE-2026-52720

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.53%

41th percentile - higher than 41% of all known CVEs

Summary

A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). Incorrect rectangle bounds validation allows a malicious VNC server to send a rectangle extending beyond the framebuffer, leading to an out-of-bounds heap write.

Risk Assessment

A remote attacker can set up a malicious VNC server and trick a user into connecting, potentially resulting in arbitrary code execution or a crash, leading to system compromise.

Recommendation

Update GStreamer to the patched version immediately. Until then, avoid connecting to untrusted VNC servers.

Original NVD description (English source)

A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS