rpm package
suse/LibVNCServer&distro=SUSE Linux Enterprise Server 16.0
pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-44988 | Hig | 8.8 | < 0.9.14-160000.5.1 | 0.9.14-160000.5.1 | May 27, 2026 | LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A ma | |
| CVE-2026-32854 | — | < 0.9.14-160000.4.1 | 0.9.14-160000.4.1 | Mar 24, 2026 | LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. A | ||
| CVE-2026-32853 | — | < 0.9.14-160000.4.1 | 0.9.14-160000.4.1 | Mar 24, 2026 | LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checkin |
- affected < 0.9.14-160000.5.1fixed 0.9.14-160000.5.1
LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A ma
- CVE-2026-32854Mar 24, 2026affected < 0.9.14-160000.4.1fixed 0.9.14-160000.4.1
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. A
- CVE-2026-32853Mar 24, 2026affected < 0.9.14-160000.4.1fixed 0.9.14-160000.4.1
LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checkin