Skip to main content

Libvncserver EUVDEUVD-2026-14930

| CVE-2026-32853 MEDIUM
Out-of-bounds Read (CWE-125)
2026-03-24 VulnCheck
6.9
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
8.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Red Hat
5.4 MEDIUM
qualitative

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
EUVD ID Assigned
Mar 24, 2026 - 17:45 euvd
EUVD-2026-14930
Analysis Generated
Mar 24, 2026 - 17:45 vuln.today
Patch released
Mar 24, 2026 - 17:45 nvd
Patch available
CVE Published
Mar 24, 2026 - 17:30 nvd
MEDIUM 6.9

DescriptionCVE.org

LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer.

AnalysisAI

LibVNCServer versions 0.9.15 and earlier contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows malicious VNC servers to disclose sensitive information or crash client applications. The vulnerability affects any application linking against the vulnerable LibVNCServer library, with exploitation requiring a malicious VNC server that manipulates subrectangle header counts to trigger improper bounds checking in the HandleUltraZipBPP() function. A patch is available from the vendor (commit 009008e), and no active exploitation or public proof-of-concept has been reported as of the intelligence sources reviewed.

Technical ContextAI

LibVNCServer is a widely-used open-source C library implementing the VNC (Virtual Network Computing) remote desktop protocol. The vulnerability exists in the UltraZip encoding handler, which is a compression-based rendering encoding used in VNC protocol communication. The root cause is classified as CWE-125 (Out-of-bounds Read), stemming from inadequate bounds validation in the HandleUltraZipBPP() function when processing subrectangle headers from the VNC protocol stream. An attacker-controlled VNC server can craft malicious encoding headers with inflated subrectangle counts that cause the handler to read beyond the bounds of allocated heap buffers, leading to information disclosure (reading adjacent heap memory) or denial of service (triggering a crash). The affected component is the core VNC protocol parser, affecting all products that statically or dynamically link against vulnerable versions of libvncserver (CPE: cpe:2.3:a:libvnc:libvncserver:*:*:*:*:*:*:*:*).

RemediationAI

Upgrade LibVNCServer to a version released after commit 009008e2f4d5a54dd71f422070df3af7b3dbc931 (the fix commit). Users of Linux distributions should check their package manager for patched versions; Debian, Ubuntu, and Red Hat typically provide updates through their security channels. Applications embedding LibVNCServer must rebuild and redeploy with the patched library version. For immediate short-term risk reduction prior to patching, restrict VNC server access to trusted network ranges using firewall rules, disable UltraZip encoding if configuration options allow (forcing fallback to safer encodings like Raw or RRE), and monitor for unexpected VNC connection attempts from untrusted sources. The patch is available at https://github.com/LibVNC/libvncserver/commit/009008e2f4d5a54dd71f422070df3af7b3dbc931 and should be prioritized for any internet-facing or untrusted-network-facing VNC services.

CVE-2018-7225 CRITICAL POC
9.8 Feb 19

An issue was discovered in LibVNCServer through 0.9.11. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2014-6052 HIGH POC
7.5 Dec 15

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain

CVE-2014-6053 MEDIUM
5.0 Dec 15

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not proper

CVE-2020-25708 HIGH POC
7.5 Nov 27

A divide by zero issue was found to occur in libvncserver-0.9.12. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2014-6054 MEDIUM
4.3 Oct 06

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote a

CVE-2016-9942 CRITICAL
9.8 Dec 31

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a den

CVE-2016-9941 CRITICAL
9.8 Dec 31

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a

CVE-2018-20020 CRITICAL
9.8 Dec 19

LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside stru

CVE-2018-20019 CRITICAL
9.8 Dec 19

LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities

CVE-2018-15127 CRITICAL
9.8 Dec 19

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server c

CVE-2018-15126 CRITICAL
9.8 Dec 19

LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code

CVE-2014-6051 HIGH
7.5 Sep 30

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC se

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 Fixed
openSUSE Leap 15.6 Fixed

Share

EUVD-2026-14930 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy