QSearchQSearch

CVE-2026-52720

8.8 HIGH

A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client)

Published: 2026-06-15 · Last updated: 2026-06-15

Severity and scoring

CVSS
8.8 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE
CWE-122

Description

A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2025-55661 A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) ... (5.5 MEDIUM)
  • CVE-2025-55652 A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial ... (5.5 MEDIUM)
  • CVE-2025-55648 A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cau... (5.5 MEDIUM)
  • CVE-2025-55645 A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of... (5.5 MEDIUM)
  • CVE-2026-12193 A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x (7.8 HIGH)