Heap Buffer Overflow in GStreamer’s rfbsrc Plugin Exposes Vulnerability
CVE-2026-59691
7.1HIGH
What is CVE-2026-59691?
GStreamer’s rfbsrc plugin exhibits a vulnerability caused by a heap buffer overflow. This issue arises when a client connects to an untrusted RFB/VNC server that improperly advertises a 16bpp framebuffer. If the server sends Hextile-encoded updates, the processing of the Hextile background fill can lead to a scenario where 32-bit pixel values are incorrectly written into a buffer that is allocated for only 16-bit pixels. This mismatch results in an out-of-bounds heap write, which may lead to a denial of service, characterized by unexpected process crashes, as well as potential memory corruption.
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Clouditera Security (Clouditera), NSFOCUS (NSFOCUS), and Z.ai Security (Z.ai) for reporting this issue.