CVE-2026-52722

🗓️ 15 Jun 2026 19:15:23Reported by redhatType

CVE-2026-52722 VMnc decoder overflow in GStreamer causes out-of-bounds reads from crafted VMnc cursors.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2026-52722	15 Jun 202620:37	–	circl
Cvelist	CVE-2026-52722 Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling	15 Jun 202619:15	–	cvelist
Debian CVE	CVE-2026-52722	15 Jun 202619:15	–	debiancve
EUVD	EUVD-2026-36804	15 Jun 202621:30	–	euvd
NVD	CVE-2026-52722	15 Jun 202620:16	–	nvd
OSV	DEBIAN-CVE-2026-52722	15 Jun 202620:16	–	osv
OSV	UBUNTU-CVE-2026-52722	17 Jun 202600:00	–	osv
Positive Technologies	PT-2026-49338	15 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-52722	15 Jun 202619:15	–	redhatcve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-52722	15 Jun 202600:00	–	nessus

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gstreamer1-plugins-bad-free",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gstreamer-plugins-bad-free",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gstreamer1-plugins-bad-free",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gstreamer-plugins-bad-free",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gstreamer1-plugins-bad-free",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gstreamer1-plugins-bad-free",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
gitlab	www.gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5107
access	www.access.redhat.com/security/cve/CVE-2026-52722

17 Jun 2026 10:57Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.17.1

EPSS0.00288

SSVC

CWE-190