CVE-2026-52722

7.1 HIGH

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder

Published: 2026-06-15 · Last updated: 2026-06-15

Severity and scoring

CVSS: 7.1 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
CWE: CWE-190

Description

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-53705 — A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good (7.6 HIGH)
CVE-2025-55647 — An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of ... (5.5 MEDIUM)
CVE-2026-6045 — LibreOffice can import EMF+ graphics, which may be embedded in documents
CVE-2025-14098 — Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executab... (7.8 HIGH)
CVE-2026-47223 — NanaZip is the 7-Zip derivative intended for the modern Windows experience (5.4 MEDIUM)