Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:37130 - Security Advisory
Issued:
2026-07-09
Updated:
2026-07-09

RHSA-2026:37130 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: gstreamer1-plugins-bad-free security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

  • gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb (CVE-2026-52720)
  • gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling (CVE-2026-52722)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes

  • BZ - 2486731 - CVE-2026-52720 gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb
  • BZ - 2486733 - CVE-2026-52722 gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling

CVEs

  • CVE-2026-52720
  • CVE-2026-52722

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.src.rpm SHA-256: ccf2b3c3b69b7470eb487cdc5fcb0e14db2a1bc6d1a0cbc7d62dd66bd81009b7
x86_64
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.i686.rpm SHA-256: f3dbb742513304addff642b224f8fcaeb233e20ca931ffa38ea5216dfc7362a4
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.x86_64.rpm SHA-256: 5d9fad31ba2e2e75c935b54a8a49398166a141d1dba29d2dc5a4635a228aed54
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.i686.rpm SHA-256: 819abbe5dd5b1d8b059cf6745ecb4934ef99f302855756730dd82d6a1cdd7390
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.x86_64.rpm SHA-256: 487fc0b7448444a61c47c4d43c37243e8daa2b85067e9ac70413f7e3d82fa185
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.i686.rpm SHA-256: c288fe081eee8cdcf87446e6e704bb0769ca5ade5d5ee852835f2308f3ff82eb
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.x86_64.rpm SHA-256: 96d773a5cd30e33de4071f58fdf97aaf12819e93635b095a05fbe89e98cf3067

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.src.rpm SHA-256: ccf2b3c3b69b7470eb487cdc5fcb0e14db2a1bc6d1a0cbc7d62dd66bd81009b7
s390x
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.s390x.rpm SHA-256: 4554c70b95f142536d5ccad040cee3987aa7d6b7fd88a2917633e7acc00afbed
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.s390x.rpm SHA-256: 830c3c74b5fa3b46f155c5d06df2b185f788947e8fddbe1090807fd573783dd5
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.s390x.rpm SHA-256: 60c3d53b0ad8516854bb7927ec2fd76f19ab2b10b17da1ba68582279813322e9

Red Hat Enterprise Linux for Power, little endian 8

SRPM
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.src.rpm SHA-256: ccf2b3c3b69b7470eb487cdc5fcb0e14db2a1bc6d1a0cbc7d62dd66bd81009b7
ppc64le
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.ppc64le.rpm SHA-256: f8c4e86d12d98cd5c9e1fe3031a6f4cd32cc547a78309838be4351d0850183a8
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.ppc64le.rpm SHA-256: 10f60def79d1818a6618c1f41f36ac5aa47d7c27478ee7a43bd690e28e8c5a30
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.ppc64le.rpm SHA-256: 4566502f3d064f80974dbb09430caac98f101cc622c6a9fc93618651eb0c01f2

Red Hat Enterprise Linux for ARM 64 8

SRPM
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.src.rpm SHA-256: ccf2b3c3b69b7470eb487cdc5fcb0e14db2a1bc6d1a0cbc7d62dd66bd81009b7
aarch64
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.aarch64.rpm SHA-256: cd9c7845921ff22ab030522d77131a40e6c80c9f71ca379f43695b0ab62efa52
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.aarch64.rpm SHA-256: c484b96ab3f854f1a55a18c9d03360af99ff8201ef1220e1739fc3e5c8bd6479
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.aarch64.rpm SHA-256: e0cd002ca9c7db295b64762e1b643a19d9ee875d591509ab7b16dc073a22a2a9

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.i686.rpm SHA-256: 819abbe5dd5b1d8b059cf6745ecb4934ef99f302855756730dd82d6a1cdd7390
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.x86_64.rpm SHA-256: 487fc0b7448444a61c47c4d43c37243e8daa2b85067e9ac70413f7e3d82fa185
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.i686.rpm SHA-256: c288fe081eee8cdcf87446e6e704bb0769ca5ade5d5ee852835f2308f3ff82eb
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.x86_64.rpm SHA-256: 96d773a5cd30e33de4071f58fdf97aaf12819e93635b095a05fbe89e98cf3067
gstreamer1-plugins-bad-free-devel-1.16.1-8.el8_10.i686.rpm SHA-256: 06ac3b2247c4a6d52fe4168d972f008857e770bd170f8e3aca72475cba72570d
gstreamer1-plugins-bad-free-devel-1.16.1-8.el8_10.x86_64.rpm SHA-256: 6d2d62b902c05cdaf6a6359d13e48c15518ff3b280217238b08522f330593760

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.ppc64le.rpm SHA-256: 10f60def79d1818a6618c1f41f36ac5aa47d7c27478ee7a43bd690e28e8c5a30
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.ppc64le.rpm SHA-256: 4566502f3d064f80974dbb09430caac98f101cc622c6a9fc93618651eb0c01f2
gstreamer1-plugins-bad-free-devel-1.16.1-8.el8_10.ppc64le.rpm SHA-256: 531c77890de9d79680d4aec0f71828acd14aa7f1b0dc1b1f4b5c68d79b366543

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.aarch64.rpm SHA-256: c484b96ab3f854f1a55a18c9d03360af99ff8201ef1220e1739fc3e5c8bd6479
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.aarch64.rpm SHA-256: e0cd002ca9c7db295b64762e1b643a19d9ee875d591509ab7b16dc073a22a2a9
gstreamer1-plugins-bad-free-devel-1.16.1-8.el8_10.aarch64.rpm SHA-256: df1bc7e5188455a2c3c1e2786755d704cd0bc6e5e481503cae6cd5d3e539f170

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.s390x.rpm SHA-256: 830c3c74b5fa3b46f155c5d06df2b185f788947e8fddbe1090807fd573783dd5
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.s390x.rpm SHA-256: 60c3d53b0ad8516854bb7927ec2fd76f19ab2b10b17da1ba68582279813322e9
gstreamer1-plugins-bad-free-devel-1.16.1-8.el8_10.s390x.rpm SHA-256: 1cea382d3e411f96cc92c3187999b4f6285fddb21593acf7dde70e069c44f180

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.src.rpm SHA-256: ccf2b3c3b69b7470eb487cdc5fcb0e14db2a1bc6d1a0cbc7d62dd66bd81009b7
x86_64
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.i686.rpm SHA-256: f3dbb742513304addff642b224f8fcaeb233e20ca931ffa38ea5216dfc7362a4
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.x86_64.rpm SHA-256: 5d9fad31ba2e2e75c935b54a8a49398166a141d1dba29d2dc5a4635a228aed54
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.i686.rpm SHA-256: 819abbe5dd5b1d8b059cf6745ecb4934ef99f302855756730dd82d6a1cdd7390
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.x86_64.rpm SHA-256: 487fc0b7448444a61c47c4d43c37243e8daa2b85067e9ac70413f7e3d82fa185
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.i686.rpm SHA-256: c288fe081eee8cdcf87446e6e704bb0769ca5ade5d5ee852835f2308f3ff82eb
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.x86_64.rpm SHA-256: 96d773a5cd30e33de4071f58fdf97aaf12819e93635b095a05fbe89e98cf3067

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.src.rpm SHA-256: ccf2b3c3b69b7470eb487cdc5fcb0e14db2a1bc6d1a0cbc7d62dd66bd81009b7
aarch64
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.aarch64.rpm SHA-256: cd9c7845921ff22ab030522d77131a40e6c80c9f71ca379f43695b0ab62efa52
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.aarch64.rpm SHA-256: c484b96ab3f854f1a55a18c9d03360af99ff8201ef1220e1739fc3e5c8bd6479
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.aarch64.rpm SHA-256: e0cd002ca9c7db295b64762e1b643a19d9ee875d591509ab7b16dc073a22a2a9

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.src.rpm SHA-256: ccf2b3c3b69b7470eb487cdc5fcb0e14db2a1bc6d1a0cbc7d62dd66bd81009b7
ppc64le
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.ppc64le.rpm SHA-256: f8c4e86d12d98cd5c9e1fe3031a6f4cd32cc547a78309838be4351d0850183a8
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.ppc64le.rpm SHA-256: 10f60def79d1818a6618c1f41f36ac5aa47d7c27478ee7a43bd690e28e8c5a30
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.ppc64le.rpm SHA-256: 4566502f3d064f80974dbb09430caac98f101cc622c6a9fc93618651eb0c01f2

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.src.rpm SHA-256: ccf2b3c3b69b7470eb487cdc5fcb0e14db2a1bc6d1a0cbc7d62dd66bd81009b7
s390x
gstreamer1-plugins-bad-free-1.16.1-8.el8_10.s390x.rpm SHA-256: 4554c70b95f142536d5ccad040cee3987aa7d6b7fd88a2917633e7acc00afbed
gstreamer1-plugins-bad-free-debuginfo-1.16.1-8.el8_10.s390x.rpm SHA-256: 830c3c74b5fa3b46f155c5d06df2b185f788947e8fddbe1090807fd573783dd5
gstreamer1-plugins-bad-free-debugsource-1.16.1-8.el8_10.s390x.rpm SHA-256: 60c3d53b0ad8516854bb7927ec2fd76f19ab2b10b17da1ba68582279813322e9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility