Signed Integer Overflow Vulnerability in GStreamer’s VMnc Decoder
CVE-2026-52722
7.1 HIGH
What is CVE-2026-52722?
GStreamer's VMnc decoder contains a signed integer overflow that is triggered when it processes a specially crafted VMnc stream with excessively large cursor dimensions. Because the payload-size arithmetic overflows, a length check can be bypassed, which can lead to out-of-bounds reads. A remote attacker could potentially exploit this by deceiving a user into opening a malicious VMnc file, resulting in a crash or possible information disclosure.
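The bug class described above, shown as an added example that is not GStreamer's code: a length check that trusts a wrapped 32-bit payload size, beside a check computed in 64 bits. The size formula (width * height * bytes per pixel * 2), the 16-bit dimension fields and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a cursor payload length check; not GStreamer code.
 * Assumed size formula: width * height * bytes_per_pixel * 2. */

/* Value a 32-bit signed computation wraps to on two's-complement targets.
 * Done in uint32_t so the demo itself has no undefined behaviour; the final
 * conversion is implementation-defined and wraps on GCC and Clang. */
static int32_t wrapped_payload(uint16_t w, uint16_t h, uint8_t bpp)
{
    uint32_t p = (uint32_t)w * h * bpp * 2u;
    return (int32_t)p;
}

/* Weak check: trusts the wrapped value, so a size of 0 or below passes. */
static bool weak_check(int32_t avail, uint16_t w, uint16_t h, uint8_t bpp)
{
    return avail >= wrapped_payload(w, h, bpp);
}

/* Hardened check: 64-bit arithmetic cannot overflow for these field widths
 * (65535 * 65535 * 255 * 2 fits), so the true size is compared. */
static bool safe_check(size_t avail, uint16_t w, uint16_t h, uint8_t bpp)
{
    uint64_t payload = (uint64_t)w * h * bpp * 2u;
    return payload <= (uint64_t)avail;
}

int main(void)
{
    /* Constructed inputs: 16 bytes available, 4 bytes per pixel. */
    const uint16_t dims[][2] = { {16, 16}, {0x8000, 0x8000}, {0xFFFF, 0xFFFF} };
    for (size_t i = 0; i < sizeof dims / sizeof dims[0]; i++) {
        uint16_t w = dims[i][0], h = dims[i][1];
        printf("%5ux%-5u wrapped=%11d weak=%d safe=%d\n",
               (unsigned)w, (unsigned)h, (int)wrapped_payload(w, h, 4),
               weak_check(16, w, h, 4), safe_check(16, w, h, 4));
    }
    return 0;
}
```

With only 16 bytes available, the weak check accepts both oversized cursors because their sizes wrap to 0 and to a negative number, while the 64-bit check rejects them.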
References
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank JUNYI LIU for reporting this issue.