PatchSiren cyber security CVE debrief
CVE-2026-52722 Red Hat CVE debrief
CVE-2026-52722 is a HIGH severity vulnerability in GStreamer's VMnc decoder. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure. The vulnerability has a CVSS score of 7.1 and was published on 2026-06-15 ([CVE record](https://www.cve.org/CVERecord?id=CVE-2026-52722)).
- Vendor: Red Hat
- Product: Red Hat Enterprise Linux 10
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of GStreamer's VMnc decoder, particularly those who handle VMnc files from untrusted sources, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads.
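The bug class described above, shown as an added illustration in C; this is not GStreamer's or Red Hat's code. The `width * height * bytes_per_pixel` size formula, the function names and the sample values are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Naive check (the pattern to avoid). 32-bit signed arithmetic is modelled
 * with uint32_t so the wrap is well defined in this demo; the cast back to
 * int32_t wraps on GCC/Clang. Formula is an assumption, not the decoder's. */
static bool naive_len_ok(int32_t w, int32_t h, int32_t bpp,
                         int32_t avail, int32_t *need_out)
{
    int32_t need = (int32_t)((uint32_t)w * (uint32_t)h * (uint32_t)bpp);
    *need_out = need;
    return avail >= need;      /* a wrapped (negative or tiny) need passes */
}

/* Multiply two sizes, refusing instead of wrapping. */
static bool mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Hardened check: reject non-positive fields, compute in size_t with
 * overflow detection, then compare against the bytes actually available. */
static bool checked_len_ok(int32_t w, int32_t h, int32_t bpp,
                           size_t avail, size_t *need_out)
{
    size_t need;
    if (w <= 0 || h <= 0 || bpp <= 0)
        return false;
    if (!mul_size((size_t)w, (size_t)h, &need) ||
        !mul_size(need, (size_t)bpp, &need))
        return false;
    if (need > avail)
        return false;
    *need_out = need;
    return true;
}

int main(void)
{
    int32_t n32 = 0; size_t n = 0;
    /* Constructed input: 65535 x 65535 cursor, 4 bytes/pixel, 64-byte buffer. */
    printf("naive:   %d (need=%d)\n", naive_len_ok(65535, 65535, 4, 64, &n32), (int)n32);
    printf("checked: %d\n", checked_len_ok(65535, 65535, 4, 64, &n));
}
```

With the constructed input the naive check accepts a 64-byte buffer because the wrapped size is negative, while the checked version rejects it.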
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates from the vendor as soon as they become available.
- Be cautious when opening VMnc files from untrusted sources.
- Consider using alternative decoders or media players that are not vulnerable to this issue.
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide further information about this vulnerability. Additional references can be found at [ref-4], [ref-5], and [ref-6].
Official resources
CVE-2026-52722 was published on 2026-06-15T20:16:32.830Z and modified on 2026-06-15T21:09:52.020Z.