gstreamer1-plugins-bad-free-1.16.1-8.el8_10
エラータID: AXSA:2026-1243:01
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.
Security Fix(es):
* gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb (CVE-2026-52720)
* gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling (CVE-2026-52722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-52720
A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.
CVE-2026-52722
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure.
Update packages.
A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure.
N/A
SRPMS
- gstreamer1-plugins-bad-free-1.16.1-8.el8_10.src.rpm
MD5: 9d9bc36dca8b87697c3e63870c74c759
SHA-256: e9ab1cc3dbb09574708eaae054b892e36ad9e6ec186937aec4f905d5985b70dc
Size: 5.04 MB
Asianux Server 8 for x86_64
- gstreamer1-plugins-bad-free-1.16.1-8.el8_10.i686.rpm
MD5: 06164961fe2135a4be9ebab7b166a7b6
SHA-256: c00fc289fc39d52817d55ac88a8bac749f386d18d62d27a0ff461aa288b2785a
Size: 1.91 MB - gstreamer1-plugins-bad-free-1.16.1-8.el8_10.x86_64.rpm
MD5: a7e4872be95a11a9e0080c9dd04b9d38
SHA-256: 4f8a26fb4df5ecc42cde8d7f9741532560ec0d1a4e2f24fc78506890dc4233b1
Size: 1.83 MB - gstreamer1-plugins-bad-free-devel-1.16.1-8.el8_10.i686.rpm
MD5: 947cec4943a740845144bf62a96d1c72
SHA-256: e7a0cf956f3904da83523cd707d42848187a2b66b35209bc079887102c18d773
Size: 525.89 kB - gstreamer1-plugins-bad-free-devel-1.16.1-8.el8_10.x86_64.rpm
MD5: 0be4189b19f9e456924a5f465af3f3fd
SHA-256: 1995175bdf0acf248ed618266f36d2759ec84517ddc92d5c299a40d25d65c5fd
Size: 525.95 kB