Back to overview

CVE-2026-59691

HIGH
7.1
CVSS 3.1
Description
A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer and sends Hextile-encoded updates, the Hextile background fill path writes 32-bit pixel values into a buffer allocated for 16-bit pixels. This type mismatch causes an out-of-bounds heap write that can lead to denial of service (process crash) and potential memory corruption.

Metadata

CVE ID
CVE-2026-59691
State
PUBLISHED
Assigner
redhat
Reserved
2026-07-06 13:40 UTC
Published
2026-07-09 09:34 UTC
Last updated
2026-07-09 13:50 UTC
Primary CWE
CWE-787
Out-of-bounds Write
Vendor / Product
Red Hat / Red Hat Enterprise Linux 10
Sources
cve.org  ·  NVD

Severity & Metrics

7.1 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (6)
VendorProductPlatformVersions
Red Hat Red Hat Enterprise Linux 10
Red Hat Red Hat Enterprise Linux 6
Red Hat Red Hat Enterprise Linux 7
Red Hat Red Hat Enterprise Linux 7
Red Hat Red Hat Enterprise Linux 8
Red Hat Red Hat Enterprise Linux 9
Weakness (CWE)
CWESourceDescription
CWE-787 cna Out-of-bounds Write
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.1 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Back to overview