RHSA-2026:37130
Vulnerability from csaf_redhat - Published: 2026-07-09 07:58 - Updated: 2026-07-09 18:00A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.\n\nSecurity Fix(es):\n\n* gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb (CVE-2026-52720)\n\n* gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling (CVE-2026-52722)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:37130",
"url": "https://access.redhat.com/errata/RHSA-2026:37130"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2486731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486731"
},
{
"category": "external",
"summary": "2486733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486733"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_37130.json"
}
],
"title": "Red Hat Security Advisory: gstreamer1-plugins-bad-free security update",
"tracking": {
"current_release_date": "2026-07-09T18:00:58+00:00",
"generator": {
"date": "2026-07-09T18:00:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:37130",
"initial_release_date": "2026-07-09T07:58:22+00:00",
"revision_history": [
{
"date": "2026-07-09T07:58:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T07:58:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T18:00:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src",
"product": {
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src",
"product_id": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free@1.16.1-8.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64",
"product": {
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64",
"product_id": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free@1.16.1-8.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"product": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"product_id": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-debugsource@1.16.1-8.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"product": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"product_id": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-debuginfo@1.16.1-8.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64",
"product": {
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64",
"product_id": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-devel@1.16.1-8.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le",
"product": {
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le",
"product_id": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free@1.16.1-8.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"product": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"product_id": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-debugsource@1.16.1-8.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"product": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"product_id": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-debuginfo@1.16.1-8.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le",
"product": {
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le",
"product_id": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-devel@1.16.1-8.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686",
"product": {
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686",
"product_id": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free@1.16.1-8.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"product": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"product_id": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-debugsource@1.16.1-8.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"product": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"product_id": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-debuginfo@1.16.1-8.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686",
"product": {
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686",
"product_id": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-devel@1.16.1-8.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64",
"product": {
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64",
"product_id": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free@1.16.1-8.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"product": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"product_id": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-debugsource@1.16.1-8.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"product": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"product_id": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-debuginfo@1.16.1-8.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64",
"product": {
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64",
"product_id": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-devel@1.16.1-8.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x",
"product": {
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x",
"product_id": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free@1.16.1-8.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"product": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"product_id": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-debugsource@1.16.1-8.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"product": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"product_id": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-debuginfo@1.16.1-8.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x",
"product": {
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x",
"product_id": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-bad-free-devel@1.16.1-8.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64"
},
"product_reference": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686"
},
"product_reference": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le"
},
"product_reference": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x"
},
"product_reference": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src"
},
"product_reference": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64"
},
"product_reference": "gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64"
},
"product_reference": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686"
},
"product_reference": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le"
},
"product_reference": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x"
},
"product_reference": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64"
},
"product_reference": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64"
},
"product_reference": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686"
},
"product_reference": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le"
},
"product_reference": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x"
},
"product_reference": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64"
},
"product_reference": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64"
},
"product_reference": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686"
},
"product_reference": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le"
},
"product_reference": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x"
},
"product_reference": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64"
},
"product_reference": "gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64"
},
"product_reference": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686"
},
"product_reference": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le"
},
"product_reference": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x"
},
"product_reference": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64"
},
"product_reference": "gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64"
},
"product_reference": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686"
},
"product_reference": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le"
},
"product_reference": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x"
},
"product_reference": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64"
},
"product_reference": "gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"JUNYI LIU"
]
}
],
"cve": "CVE-2026-52720",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2026-05-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2486731"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow vulnerability was found in GStreamer\u0027s librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important heap buffer overflow vulnerability in GStreamer\u0027s librfb RFB/VNC client (gst-plugins-bad). The flaw allows a controlled out-of-bounds heap write when connecting to a malicious VNC server due to an incorrect bounds check that validates rectangle area instead of individual dimensions. The impact affects availability (crash), integrity, and potentially confidentiality, as the controlled heap overflow could be leveraged for code execution. Red Hat products utilizing GStreamer for multimedia processing are affected if they include the rfbsrc element for VNC/RFB screen capture pipelines.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-52720"
},
{
"category": "external",
"summary": "RHBZ#2486731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-52720",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-52720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52720"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5105",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5105"
}
],
"release_date": "2026-06-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T07:58:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37130"
},
{
"category": "workaround",
"details": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates if they become available.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb"
},
{
"acknowledgments": [
{
"names": [
"JUNYI LIU"
]
}
],
"cve": "CVE-2026-52722",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-05-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2486733"
}
],
"notes": [
{
"category": "description",
"text": "A signed integer overflow vulnerability was found in GStreamer\u0027s VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important signed integer overflow vulnerability in the GStreamer VMnc decoder (gst-plugins-bad). The flaw allows out-of-bounds heap reads when processing specially crafted VMnc video files due to signed integer overflow in cursor payload size arithmetic that bypasses a length check. A tiny buffer is allocated based on the overflowed value, but the rendering loop uses the original large dimensions, reading far beyond the allocated memory. The impact affects both availability (crash) and potentially confidentiality (information disclosure from heap memory reads). Red Hat products utilizing GStreamer for multimedia processing are affected if they handle untrusted VMnc video content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-52722"
},
{
"category": "external",
"summary": "RHBZ#2486733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-52722",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52722"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-52722",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52722"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5107",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5107"
}
],
"release_date": "2026-06-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T07:58:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37130"
},
{
"category": "workaround",
"details": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates if they become available.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-debugsource-0:1.16.1-8.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:gstreamer1-plugins-bad-free-devel-0:1.16.1-8.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.