CVE-2026-32853

CWE-125 — Out-of-bounds Read6 documents6 sources

Severity

6.9MEDIUM

EPSS

0.0%

top 87.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libvncserver Project Libvncserver Libvnc Libvncserver

Timeline

PublishedMar 24

Description

LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDlibvncserver_project/libvncserver< 0.9.15

▶Debianlibvncserver< 0.9.15+dfsg-3

▶CVEListV5libvnc/libvncserver0.9.15

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

LibVNCServer UltraZip Encoding Heap Out-of-bounds Read↗2026-03-24

▶

OSV

CVE-2026-32853: LibVNCServer versions 0↗2026-03-24

▶

📋Vendor Advisories

Red Hat

LibVNCServer: LibVNCServer: Information disclosure or Denial of Service via heap out-of-bounds read in UltraZip encoding↗2026-03-24

▶

Debian

CVE-2026-32853: libvncserver - LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap ...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-32853 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶