Skip to main content

Libvncserver CVE-2026-32854

| EUVDEUVD-2026-14932 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-03-24 VulnCheck
6.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat
5.3 MEDIUM
qualitative

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
EUVD ID Assigned
Mar 24, 2026 - 17:45 euvd
EUVD-2026-14932
Analysis Generated
Mar 24, 2026 - 17:45 vuln.today
Patch released
Mar 24, 2026 - 17:45 nvd
Patch available
CVE Published
Mar 24, 2026 - 17:31 nvd
MEDIUM 6.3

DescriptionCVE.org

LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.

AnalysisAI

LibVNCServer versions 0.9.15 and earlier contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpd.c that allow remote attackers to cause denial of service by sending specially crafted HTTP requests. The vulnerability affects systems with both httpd and proxy features enabled, and while no CVSS score or EPSS data is currently available, the presence of a public patch and vendor advisory indicates this is a recognized security issue requiring prompt attention.

Technical ContextAI

LibVNCServer is a VNC (Virtual Network Computing) server library commonly used in remote desktop and embedded systems. The vulnerability exists in the HTTP proxy handling code, specifically in the httpProcessInput() function within httpd.c, which processes incoming HTTP requests when the server is configured to operate as an HTTP proxy. The root cause is classified as CWE-476 (Null Pointer Dereference), stemming from missing validation of return values from the strchr() C standard library function in both CONNECT and GET HTTP proxy handling code paths. When strchr() fails to find a character in a string, it returns a NULL pointer; the vulnerable code does not validate this return value before dereferencing it, leading to a crash. This represents a common input validation weakness where string parsing operations assume successful results without defensive checking.

RemediationAI

Upgrade LibVNCServer to a version newer than 0.9.15, incorporating commit dc78dee51a7e270e537a541a17befdf2073f5314 or later from the official LibVNC repository (https://github.com/LibVNC/libvncserver). For systems unable to patch immediately, disable HTTP proxy features if they are not required for operations, as the vulnerability only manifests when httpd and proxy handlers are enabled. Network segmentation should be implemented to restrict access to VNC server ports to trusted networks only. Review the official vendor advisory at https://www.vulncheck.com/advisories/libvncserver-httpd-proxy-null-pointer-dereference for additional context and ensure all deployed instances are tracked for patching coverage.

CVE-2018-7225 CRITICAL POC
9.8 Feb 19

An issue was discovered in LibVNCServer through 0.9.11. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2014-6052 HIGH POC
7.5 Dec 15

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain

CVE-2014-6053 MEDIUM
5.0 Dec 15

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not proper

CVE-2020-25708 HIGH POC
7.5 Nov 27

A divide by zero issue was found to occur in libvncserver-0.9.12. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2014-6054 MEDIUM
4.3 Oct 06

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote a

CVE-2016-9942 CRITICAL
9.8 Dec 31

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a den

CVE-2016-9941 CRITICAL
9.8 Dec 31

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a

CVE-2018-20020 CRITICAL
9.8 Dec 19

LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside stru

CVE-2018-20019 CRITICAL
9.8 Dec 19

LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities

CVE-2018-15127 CRITICAL
9.8 Dec 19

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server c

CVE-2018-15126 CRITICAL
9.8 Dec 19

LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code

CVE-2014-6051 HIGH
7.5 Sep 30

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC se

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 Fixed
openSUSE Leap 15.6 Fixed

Share

CVE-2026-32854 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy