SB20260427125 - SUSE update for LibVNCServer

Published: April 27, 2026

Security Bulletin ID: SB20260427125
Severity: Medium
Patch available: Yes
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2026-32853)

The vulnerability allows a remote attacker to disclose sensitive information or cause a denial of service.

The vulnerability exists due to an out-of-bounds read in the HandleUltraZipBPP function in src/libvncclient/ultra.c when processing UltraZip-encoded FramebufferUpdate messages. A remote attacker can send a specially crafted FramebufferUpdate message with an attacker-controlled subrectangle count to disclose sensitive information or cause a denial of service.

UltraZip encoding is enabled by default in LibVNCClient, and no authentication is required on the server side when using rfbSecTypeNone.
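The defensive pattern behind this class of bug is to validate an attacker-supplied element count against the bytes actually received before any loop reads from the buffer. The example below is added here to illustrate that check; it is not LibVNCServer's code and does not reproduce the UltraZip format. The wire layout (16-bit big-endian count followed by 8-byte rectangles), the names parse_rect_list and rect_t, and the sample messages are all constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sub-rectangle record: x, y, w, h as 16-bit big-endian fields. */
typedef struct { uint16_t x, y, w, h; } rect_t;

#define RECT_WIRE_SIZE 8u

static uint16_t read_u16be(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Parse a count-prefixed list of sub-rectangles from buf[0..len).
 * Returns the number of rectangles parsed, or -1 if the advertised count
 * does not fit in the bytes actually received (or in the caller's array).
 * The length check happens once, before the loop, so no read passes len. */
int parse_rect_list(const uint8_t *buf, size_t len, rect_t *out, size_t out_cap) {
    if (buf == NULL || out == NULL || len < 2) return -1;
    size_t count = read_u16be(buf);
    size_t avail = len - 2;
    /* Compare by division so count * RECT_WIRE_SIZE cannot wrap around. */
    if (count > avail / RECT_WIRE_SIZE) return -1;
    if (count > out_cap) return -1;
    const uint8_t *p = buf + 2;
    for (size_t i = 0; i < count; i++, p += RECT_WIRE_SIZE) {
        out[i].x = read_u16be(p);
        out[i].y = read_u16be(p + 2);
        out[i].w = read_u16be(p + 4);
        out[i].h = read_u16be(p + 6);
    }
    return (int)count;
}

/* Constructed sample: count=2 followed by two complete 8-byte rectangles. */
static const uint8_t GOOD_MSG[] = {0x00, 0x02,
                                   0,1, 0,2, 0,3, 0,4,
                                   0,5, 0,6, 0,7, 0,8};
/* Constructed sample: advertises 1000 rectangles but carries only one. */
static const uint8_t SHORT_MSG[] = {0x03, 0xE8,
                                    0,1, 0,2, 0,3, 0,4};

int demo_good(void) {
    rect_t r[4];
    return parse_rect_list(GOOD_MSG, sizeof GOOD_MSG, r, 4);
}

int demo_good_last_h(void) {
    rect_t r[4];
    if (parse_rect_list(GOOD_MSG, sizeof GOOD_MSG, r, 4) != 2) return -1;
    return r[1].h;
}

int demo_short(void) {
    rect_t r[4];
    return parse_rect_list(SHORT_MSG, sizeof SHORT_MSG, r, 4);
}

int main(void) {
    printf("well-formed message: %d rects\n", demo_good());
    printf("truncated message:   %d (rejected)\n", demo_short());
    return 0;
}
```

The two checks that matter are the division-based comparison, which avoids the integer wrap that a naive `count * RECT_WIRE_SIZE > avail` can suffer on 32-bit builds, and rejecting the message before the first element is read rather than detecting the overrun mid-loop.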


2) NULL pointer dereference (CVE-ID: CVE-2026-32854)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a NULL pointer dereference in httpProcessInput in src/libvncserver/httpd.c when handling malformed CONNECT or GET requests to the HTTP proxy handlers. A remote attacker can send a specially crafted request to cause a denial of service.

Only configurations with both the non-default -httpd and -enablehttpproxy options enabled are vulnerable.
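A request-line parser that tokenises on spaces typically obtains pointers from strchr() and similar calls that return NULL when the expected delimiter is absent; the crash class described above arises when such a pointer is used without that check. The example below is added here to show the check in a minimal parser; it is not LibVNCServer's httpd code. The function name parse_request_line, its signature, and the sample request lines are constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request-line parser for "METHOD SP target SP HTTP/1.x".
 * Returns 0 and fills method/target on success, or -1 when a token is
 * missing or does not fit. Every pointer returned by strchr() is tested
 * for NULL before it is dereferenced or used in arithmetic. */
int parse_request_line(const char *line, char *method, size_t msz,
                       char *target, size_t tsz) {
    if (line == NULL || method == NULL || target == NULL) return -1;
    const char *sp1 = strchr(line, ' ');
    if (sp1 == NULL) return -1;                 /* "GET" alone: no target */
    const char *sp2 = strchr(sp1 + 1, ' ');
    if (sp2 == NULL) return -1;                 /* no HTTP version token */
    size_t mlen = (size_t)(sp1 - line);
    size_t tlen = (size_t)(sp2 - (sp1 + 1));
    if (mlen == 0 || tlen == 0 || mlen >= msz || tlen >= tsz) return -1;
    memcpy(method, line, mlen);
    method[mlen] = '\0';
    memcpy(target, sp1 + 1, tlen);
    target[tlen] = '\0';
    return 0;
}

/* Constructed sample: a complete CONNECT request line. */
int demo_connect(void) {
    char m[16], t[64];
    return parse_request_line("CONNECT host:5900 HTTP/1.1", m, sizeof m, t, sizeof t);
}

/* Returns 1 if the target token of the CONNECT sample was extracted correctly. */
int demo_connect_target_ok(void) {
    char m[16], t[64];
    if (parse_request_line("CONNECT host:5900 HTTP/1.1", m, sizeof m, t, sizeof t) != 0)
        return 0;
    return strcmp(m, "CONNECT") == 0 && strcmp(t, "host:5900") == 0;
}

/* Constructed sample: a bare method with no target or version. */
int demo_bare_get(void) {
    char m[16], t[64];
    return parse_request_line("GET", m, sizeof m, t, sizeof t);
}

/* Constructed sample: target present but the version token is missing. */
int demo_no_version(void) {
    char m[16], t[64];
    return parse_request_line("GET /index.html", m, sizeof m, t, sizeof t);
}

int main(void) {
    printf("CONNECT line: %d\n", demo_connect());
    printf("bare GET:     %d (rejected)\n", demo_bare_get());
    printf("no version:   %d (rejected)\n", demo_no_version());
    return 0;
}
```

Rejecting the malformed line with an error return keeps a single bad request from taking down the whole server process, which is the denial-of-service outcome the bulletin describes.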


Remediation

Install the update from the vendor's website.