UBUNTU-CVE-2026-44988

LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A malicious VNC serve...

CVE-2026-44988 LibVNCClient Tight Gradient decoding allows malicious server-triggered heap/stack OOB writes

LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A malicious VNC serve...

CVE-2026-44988

CVE-2026-44988 concerns LibVNCClient (0.9.15 and earlier) where the Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter and does not reject Wide Tight rectangles. A malicious VNC server can send a FramebufferUpdate rectangle encoded with Tight (NoZlib | Expli...

Security update for LibVNCServer

This update for LibVNCServer fixes the following issues: CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service bsc1260431. CVE-2026-32854: crafted HTTP requests can cause a denial of service bsc1260429. Patch Instructions: To install this SUSE...

SUSE-SU-2026:1173-1 Security update for LibVNCServer

This update for LibVNCServer fixes the following issues: - CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service bsc1260431. - CVE-2026-32854: crafted HTTP requests can cause a denial of service bsc1260429...

EUVD-2011-0917

Malware in sbrugna...

EUVD-2017-1369

Malware in sbrugna...

EUVD-2011-0916

Malware in sbrugna...

SUSE CVE-2011-0904

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service daemon crash via a large 1...

SUSE CVE-2011-0905

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service daemon crash via crafted...

SUSE CVE-2016-9941

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service application crash or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area...

SUSE CVE-2016-9942

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service application crash or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed leng...

RHEL 7 : qemu-kvm (RHSA-2018:0816)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0816 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide th...

ALPINE-CVE-2016-9942

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service application crash or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed leng...

ALPINE-CVE-2016-9941

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service application crash or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area...

DEBIAN-CVE-2016-9942

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service application crash or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed leng...

UBUNTU-CVE-2016-9941

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service application crash or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area...

CVE-2016-9941

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service application crash or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area...

DEBIAN-CVE-2014-6052

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service application crash or possibly execute arbitrary code by specifying a large screen size in a 1...

UBUNTU-CVE-2014-6052

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service application crash or possibly execute arbitrary code by specifying a large screen size in a 1...