PT-2026-56783 · Red Hat · Red Hat Enterprise Linux 10+4

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-59691

CVSS v3.1

7.1

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer and sends Hextile-encoded updates, the Hextile background fill path writes 32-bit pixel values into a buffer allocated for 16-bit pixels. This type mismatch causes an out-of-bounds heap write that can lead to denial of service (process crash) and potential memory corruption.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59691

Affected Products

Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9