Astra Linux – Vulnerability in libvncserver

It was discovered that the websockets.c file in LibVNCServer prior to version 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, resulting in a heap-based buffer overflow...

Linux Distros Unpatched Vulnerability : CVE-2026-50538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - libvncserver - None Ubuntu Linux - Attacker-controlled heap out-of-bounds write in libvncclient Tight decoder CVE-2026-50538 Note that Nessus...

Important: libvncserver

Issue Overview: LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A...

Amazon Linux 2 : libvncserver, --advisory ALAS2-2026-3331 (ALAS-2026-3331)

The version of libvncserver installed on the remote host is prior to 0.9.9-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3331 advisory. LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decod...

TencentOS Server 4: libvncserver (TSSA-2026:0246)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0246 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

SUSE-SU-2026:2227-1 Security update for LibVNCServer

This update for LibVNCServer fixes the following issues: - CVE-2026-44988: Fixed missing validation of rectangle width in tight gradient decoding can lead to server-triggered out-of-bounds write bsc1266459...

LibVNCServer-devel-0.9.15-3.1 on GA media (moderate)

LibVNCServer-devel-0.9.15-3.1 on GA media Announcement ID: openSUSE-SU-2026:10905-1 Rating: moderate Cross-References: CVE-2026-44988 CVSS scores: CVE-2026-44988 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-44988 SUSE : 9.2...

OPENSUSE-SU-2026:10905-1 LibVNCServer-devel-0.9.15-3.1 on GA media

These are all security issues fixed in the LibVNCServer-devel-0.9.15-3.1 package on the GA media of openSUSE Tumbleweed...

LibVNCServer 缓冲区错误漏洞

LibVNCServer is a cross-platform C language library developed by LibVNC, which supports implementing VNC Virtual Network Computing server or client functions within programs. Versions of LibVNCServer prior to 0.9.15 contained a buffer error vulnerability. This vulnerability stemmed from the Tight...

Astra Linux - уязвимость в vino

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data. This allows remote attackers to cause a denial of service memory consumption or daemon crash by processing a...

Astra Linux - уязвимость в vino

A issue was discovered in LibVNCServer through version 0.9.11. The function rfbProcessClientNormalMessage in rfbserver.c does not sanitize the msg.cct.length variable, allowing access to uninitialized and potentially sensitive data, or possibly causing unspecified other impacts e.g., integer...

Astra Linux - уязвимость в libvncserver

It has been discovered that libvncclient v0.9.13 contains a memory leak through the rfbClientCleanup function...

Advisory ROSA-SA-2026-3283

Software: libvncserver 0.9.13 OS: ROSA-CHROME unaffected versions = libvncserver-0.9.13-3 affected versions libvncserver-0.9.13-3 CVE-ID: CVE-2026-32853 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A read outside the heap buffer vulnerability in the UltraZip encoding handler in LibVNCServer allows a...

OESA-2026-2255 libvncserver security update

libvncserver is a set of programs using the RFB Remote Frame Buffer protocol. They are designed to "export" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets which LibVNCServer does, you can also connect using an in-browser VNC...

OESA-2026-2252 libvncserver security update

libvncserver is a set of programs using the RFB Remote Frame Buffer protocol. They are designed to "export" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets which LibVNCServer does, you can also connect using an in-browser VNC...

Astra Linux – Vulnerability in libvncserver

A issue was discovered in LibVNCServer before version 0.9.13. An improperly closed TCP connection causes an infinite loop in the libvncclient/sockets.c file...

Astra Linux – Vulnerability in libvncserver

A divide by zero issue was detected in libvncserver-0.9.12. A malicious client could exploit this flaw to send a specially crafted message. When this message is processed by the VNC server, it will cause a floating-point exception, resulting in a denial of service...

SUSE SLES16 Security Update : LibVNCServer (SUSE-SU-2026:21206-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21206-1 advisory. - CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service bsc1260431. -...

openSUSE 16 Security Update : LibVNCServer (openSUSE-SU-2026:20552-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20552-1 advisory. - CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service bsc1260431. - CVE-2026-32854: crafte...

Security update for LibVNCServer (important)

openSUSE security update: security update for libvncserver ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20552-1 Rating: important References: bsc1260429 bsc1260431 Cross-References: CVE-2026-32853 CVE-2026-32854 CVSS scores: CVE-2026-32853 SUSE :...