彙總 libvncserver_project 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 緩衝區溢位與記憶體損壞 等問題,部分漏洞可能導致 應用程式崩潰,並影響 軟體部署與生產負載 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-32854 | LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled. | [email protected] | 6.3 | 0.85% | 2026-03-24 | 2026-03-25 |
| CVE-2026-32853 | LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer. | [email protected] | 6.9 | 0.02% | 2026-03-24 | 2026-03-25 |
| CVE-2020-29260 | libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | [email protected] | 7.5 | 0.94% | 2022-09-02 | 2024-11-21 |
| CVE-2020-25708 | A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. | [email protected] | 7.5 | 0.78% | 2020-11-27 | 2024-11-21 |
| CVE-2017-18922 | It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. | [email protected] | 9.8 | 6.87% | 2020-06-30 | 2024-11-21 |
| CVE-2020-14401 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. | [email protected] | 6.5 | 1.30% | 2020-06-17 | 2024-11-21 |
| CVE-2020-14400 | An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary | [email protected] | 7.5 | 2.48% | 2020-06-17 | 2024-11-21 |
| CVE-2020-14399 | An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed. | [email protected] | 7.5 | 2.48% | 2020-06-17 | 2024-11-21 |
| CVE-2010-5304 | A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. | [email protected] | 7.5 | 3.38% | 2020-02-05 | 2024-11-21 |
| CVE-2018-7225 | An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. | [email protected] | 9.8 | 3.26% | 2018-02-19 | 2024-11-21 |
| CVE-2016-9942 | Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. | [email protected] | 9.8 | 1.66% | 2016-12-31 | 2026-05-06 |
| CVE-2016-9941 | Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. | [email protected] | 9.8 | 1.66% | 2016-12-31 | 2026-05-06 |