Vulnerability Description
LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libvncserver Project | Libvncserver | < 0.9.15 |
Related Weaknesses (CWE)
References
- https://github.com/LibVNC/libvncserver/commit/009008e2f4d5a54dd71f422070df3af7b3Patch
- https://github.com/LibVNC/libvncserver/security/advisories/GHSA-87q7-v983-qwcjVendor Advisory
- https://www.vulncheck.com/advisories/libvncserver-ultrazip-encoding-heap-out-of-ExploitVendor Advisory
- https://github.com/LibVNC/libvncserver/security/advisories/GHSA-87q7-v983-qwcjVendor Advisory
FAQ
What is CVE-2026-32853?
CVE-2026-32853 is a vulnerability with a CVSS score of 8.1 (HIGH). LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause informatio...
How severe is CVE-2026-32853?
CVE-2026-32853 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-32853?
Check the references section above for vendor advisories and patch information. Affected products include: Libvncserver Project Libvncserver.