Source: libvncserver
Version: 0.9.15+dfsg-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libvncserver.

CVE-2026-44988[0]:
| LibVNCClient is a library for easy implementation of a VNC client.
| In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses
| fixed-size 2048-pixel scratch buffers for the Gradient filter, but
| it does not reject Tight rectangles whose width is larger than 2048
| pixels. A malicious VNC server can send a crafted FramebufferUpdate
| rectangle using Tight encoding with NoZlib | ExplicitFilter and the
| Gradient filter. When a LibVNCClient-based client connects, the
| client processes the server-controlled rectangle width and writes
| beyond fixed-size Gradient buffers. This vulnerability is fixed with
| commit 5b270544b85233668b98161323297d418a8f5fd1.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-44988
    https://www.cve.org/CVERecord?id=CVE-2026-44988
[1] https://github.com/LibVNC/libvncserver/security/advisories/GHSA-jcc5-8wj4-7c58
[2] https://github.com/LibVNC/libvncserver/commit/5b270544b85233668b98161323297d418a8f5fd1

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
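
The class of check the CVE description says was missing, as an added example that is not part of the original report and is neither libvncserver's code nor the referenced fix commit: a simplified Gradient-filter row decoder for 8-bit RGB whose scratch buffers hold 2048 pixels and which rejects a server-supplied width before any buffer is touched. The struct, the function names and GRADIENT_MAX_WIDTH are hypothetical; only the 2048-pixel capacity comes from the advisory text.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GRADIENT_MAX_WIDTH 2048  /* scratch capacity in pixels (from the advisory) */

/* Hypothetical decoder state: previous-row scratch, 3 components per pixel. */
typedef struct {
    uint16_t prev_row[GRADIENT_MAX_WIDTH * 3];
} gradient_state;

/* Returns 0 if the rectangle fits the scratch buffers, -1 otherwise.
 * The width is server-controlled, so it is validated before the memset. */
int gradient_init(gradient_state *st, unsigned width)
{
    if (width == 0 || width > GRADIENT_MAX_WIDTH)
        return -1;
    memset(st->prev_row, 0, (size_t)width * 3 * sizeof(uint16_t));
    return 0;
}

/* Decode one row of 8-bit RGB residuals from src into dst (width*3 bytes each).
 * Per-component prediction: left + above - above_left, clamped to 0..255. */
int gradient_decode_row(gradient_state *st, const uint8_t *src,
                        uint8_t *dst, unsigned width)
{
    uint16_t this_row[GRADIENT_MAX_WIDTH * 3];

    if (width == 0 || width > GRADIENT_MAX_WIDTH)
        return -1;  /* re-checked per row so the decoder never trusts its caller */
    for (unsigned x = 0; x < width; x++) {
        for (unsigned c = 0; c < 3; c++) {
            int left    = x ? this_row[(x - 1) * 3 + c] : 0;
            int up_left = x ? st->prev_row[(x - 1) * 3 + c] : 0;
            int est     = left + st->prev_row[x * 3 + c] - up_left;
            if (est < 0)   est = 0;
            if (est > 255) est = 255;
            this_row[x * 3 + c] = (uint16_t)((src[x * 3 + c] + est) & 0xFF);
            dst[x * 3 + c] = (uint8_t)this_row[x * 3 + c];
        }
    }
    memcpy(st->prev_row, this_row, (size_t)width * 3 * sizeof(uint16_t));
    return 0;
}
```

A caller that gets -1 should drop the connection instead of skipping the rectangle, since the rest of the stream can no longer be parsed reliably.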

