High7.1Red Hat & Ubuntu Linux Updated
rfbsrc/librfb Hextile heap out-of-bounds write with 16bpp framebuffer
CVE-2026-59691 Published Jul 8, 2026Updated by vendor Jul 8, 2026
CVE-2026-59691
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
rfbsrc/librfb Hextile heap out-of-bounds write with 16bpp framebuffer. Red Hat rates this important (CVSS 7.1). Weakness: CWE-787. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Mitigation checklist
Recommended fix / mitigation
- There is no complete mitigation for this vulnerability. The following measures can reduce risk: 1. Do not connect GStreamer pipelines using rfbsrc to untrusted or unknown VNC servers. 2. If the rfbsrc plugin is not required, remove the librfb plugin shared object from the GStreamer plugins directory (typically /usr/lib64/gstreamer-1.0/libgstrfbsrc.so). 3. Network-level controls (firewall rules) can restrict outbound VNC connections to trusted servers only.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.