A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer and sends Hextile-encoded updates, the Hextile background fill path writes 32-bit pixel values into a buffer allocated for 16-bit pixels. This type mismatch causes an out-of-bounds heap write that can lead to denial of service (process crash) and potential memory corruption.

Project Subscriptions

Vendors Products
Enterprise Linux Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

There is no complete mitigation for this vulnerability. The following measures can reduce risk: 1. Do not connect GStreamer pipelines using rfbsrc to untrusted or unknown VNC servers. 2. If the rfbsrc plugin is not required, remove the librfb plugin shared object from the GStreamer plugins directory (typically /usr/lib64/gstreamer-1.0/libgstrfbsrc.so). 3. Network-level controls (firewall rules) can restrict outbound VNC connections to trusted servers only.

History

Thu, 09 Jul 2026 10:45:00 +0000

Type Values Removed Values Added
Description A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer and sends Hextile-encoded updates, the Hextile background fill path writes 32-bit pixel values into a buffer allocated for 16-bit pixels. This type mismatch causes an out-of-bounds heap write that can lead to denial of service (process crash) and potential memory corruption.
Title Gstreamer: gstreamer: rfbsrc/librfb hextile heap out-of-bounds write with 16bpp framebuffer
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-787
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-07-09T09:34:47.743Z

Reserved: 2026-07-06T13:40:46.923Z

Link: CVE-2026-59691

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses