GStreamer
open source multimedia framework

Security Advisory 2026-0043 (CVE-2026-52720)

Summary: Out-of-bounds read and write in RFB source
Date: 2026-06-16
Affected Versions: GStreamer gst-plugins-bad < 1.28.5
IDs: GStreamer-SA-2026-0043, CVE-2026-52720

Details

An out-of-bounds read and write vulnerability exists in the rfbsrc element (RFB source) in gst-plugins-bad. The underlying RFB decoder did not validate the coordinates and dimensions of framebuffer update rectangles against the actual framebuffer size when processing RFB protocol data. A malicious VNC server could send crafted framebuffer update messages whose rectangle coordinates extend beyond the framebuffer boundaries, causing memory copy and fill operations to read from or write to memory outside the allocated framebuffer buffer. In addition, the decoder had no integer overflow protection when calculating the size of raw pixel data, so the size calculation could wrap around.
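The two checks the advisory describes, a rectangle bounds check against the framebuffer and an overflow-safe raw pixel size calculation, written as an added illustration for this page and not the project's patched code; the rfb_fb and rfb_rect types, the field names and the decoder's 32-bit size limit are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Framebuffer geometry from the ServerInit message. Sizes are tracked as
 * 32-bit unsigned values (an assumption about the decoder's allocator). */
typedef struct {
    uint16_t width, height;
    uint8_t  bpp;            /* bytes per pixel: 1, 2 or 4 */
    uint8_t *pixels;         /* width * height * bpp bytes */
} rfb_fb;

/* One rectangle header from a FramebufferUpdate message. */
typedef struct { uint16_t x, y, w, h; } rfb_rect;

/* True when the rectangle lies entirely inside the framebuffer. The sums are
 * widened to 32 bits so that x + w cannot wrap in 16-bit arithmetic. */
bool rfb_rect_in_bounds(const rfb_fb *fb, const rfb_rect *r)
{
    return (uint32_t)r->x + r->w <= fb->width &&
           (uint32_t)r->y + r->h <= fb->height;
}

/* w * h * bpp for a Raw-encoded rectangle, computed in 64 bits and refused
 * when it would not fit the decoder's 32-bit size. Returns false on wrap. */
bool rfb_raw_size(const rfb_fb *fb, const rfb_rect *r, uint32_t *out)
{
    uint64_t n = (uint64_t)r->w * r->h * fb->bpp;
    if (n > UINT32_MAX)
        return false;
    *out = (uint32_t)n;
    return true;
}

/* Copies a Raw rectangle into the framebuffer one row at a time. All checks
 * run before the first memcpy, so a hostile rectangle touches no memory. */
bool rfb_raw_rect_copy(rfb_fb *fb, const rfb_rect *r,
                       const uint8_t *data, uint32_t data_len)
{
    uint32_t need;
    if (!rfb_rect_in_bounds(fb, r) || !rfb_raw_size(fb, r, &need) ||
        data_len < need)
        return false;
    size_t stride = (size_t)fb->width * fb->bpp;   /* bytes per fb row */
    size_t row_bytes = (size_t)r->w * fb->bpp;     /* bytes per rect row */
    for (uint32_t row = 0; row < r->h; row++)
        memcpy(fb->pixels + ((size_t)r->y + row) * stride + (size_t)r->x * fb->bpp,
               data + row * row_bytes, row_bytes);
    return true;
}
```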

Impact

A malicious third party could trigger out-of-bounds reads and writes by connecting to a crafted VNC server or by processing crafted RFB protocol data, potentially resulting in a crash, denial of service, data corruption, or arbitrary code execution.

Solution

The gst-plugins-bad 1.28.5 release addresses the issue. People using older versions of GStreamer should apply the patch and recompile.

References

The GStreamer project

CVE Database Entries

GStreamer 1.28.5 release

Note: This advisory was published before the GStreamer 1.28.5 release since the CVE numbering authority accidentally released the CVE details ahead of schedule. The release is planned for early July 2026.

Patches

