ALAS2-2026-3791


Amazon Linux 2 Security Advisory: ALAS2-2026-3791
Advisory Released Date: 2026-07-08
Advisory Updated Date: 2026-07-08
Severity: Important

Issue Overview:

A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash. (CVE-2026-52720)

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could trick a user into processing a specially crafted PCAP file, potentially leading to a crash or information disclosure. (CVE-2026-52721)

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure. (CVE-2026-52722)


Affected Packages:

gstreamer-plugins-bad-free


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update gstreamer-plugins-bad-free or yum update --advisory ALAS2-2026-3791 to update your system.

New Packages:
aarch64:
    gstreamer-plugins-bad-free-0.10.23-42.amzn2.0.4.aarch64
    gstreamer-plugins-bad-free-devel-0.10.23-42.amzn2.0.4.aarch64
    gstreamer-plugins-bad-free-devel-docs-0.10.23-42.amzn2.0.4.aarch64
    gstreamer-plugins-bad-free-debuginfo-0.10.23-42.amzn2.0.4.aarch64

i686:
    gstreamer-plugins-bad-free-0.10.23-42.amzn2.0.4.i686
    gstreamer-plugins-bad-free-devel-0.10.23-42.amzn2.0.4.i686
    gstreamer-plugins-bad-free-devel-docs-0.10.23-42.amzn2.0.4.i686
    gstreamer-plugins-bad-free-debuginfo-0.10.23-42.amzn2.0.4.i686

src:
    gstreamer-plugins-bad-free-0.10.23-42.amzn2.0.4.src

x86_64:
    gstreamer-plugins-bad-free-0.10.23-42.amzn2.0.4.x86_64
    gstreamer-plugins-bad-free-devel-0.10.23-42.amzn2.0.4.x86_64
    gstreamer-plugins-bad-free-devel-docs-0.10.23-42.amzn2.0.4.x86_64
    gstreamer-plugins-bad-free-debuginfo-0.10.23-42.amzn2.0.4.x86_64