Package "libvncserver"
| Name: |
libvncserver
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- API to write one's own VNC server - client library
- API to write one's own VNC server - development files
- API to write one's own VNC server
|
| Latest version: |
0.9.15+dfsg-1ubuntu0.1 |
| Release: |
questing (25.10) |
| Level: |
security |
| Repository: |
main |
Links
Other versions of "libvncserver" in Questing
Packages in group
Deleted packages are displayed in grey.
Changelog
|
libvncserver (0.9.15+dfsg-1ubuntu0.1) questing-security; urgency=medium
* SECURITY UPDATE: Heap Out-of-Bounds Read in HandleUltraZipBPP
- debian/patches/CVE-2026-32853.patch: libvncclient: add bounds checks to
UltraZip subrectangle parsing in src/libvncclient/ultra.c.
- CVE-2026-32853
* SECURITY UPDATE: NULL pointer dereferences in httpd proxy handlers
- debian/patches/CVE-2026-32854.patch: libvncserver: fix NULL pointer
dereferences in httpd proxy handlers in src/libvncserver/httpd.c.
- CVE-2026-32854
* SECURITY UPDATE: OOB write in Tight Gradient decoding
- debian/patches/CVE-2026-44988.patch: libvncclient: fix Tight gradient
decoding overflow in include/rfb/rfbclient.h, src/libvncclient/tight.c.
- CVE-2026-44988
-- Marc Deslauriers <email address hidden> Mon, 15 Jun 2026 10:52:23 -0400
|
| CVE-2026-32853 |
LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler tha |
| CVE-2026-32854 |
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within h |
| CVE-2026-44988 |
LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048- |
|
About
-
Send Feedback to @ubuntu_updates
