UbuntuUpdates.org

Package "libvncserver-dev"

Name: libvncserver-dev

Description:

API to write one's own VNC server - development files
Latest version: 0.9.13+dfsg-3ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: main
Head package: libvncserver
Homepage: http://libvnc.github.io

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libvncserver-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libvncserver-dev" in Jammy

Repository Area Version
base main 0.9.13+dfsg-3build2
updates main 0.9.13+dfsg-3ubuntu0.1

Changelog

Version: 0.9.13+dfsg-3ubuntu0.1 2026-06-23 16:07:29 UTC

  libvncserver (0.9.13+dfsg-3ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: memory leak in rfbClientCleanup()
    - debian/patches/CVE-2020-29260.patch: libvncclient: free vncRec memory in
      rfbClientCleanup() in libvncclient/vncviewer.c.
    - CVE-2020-29260
  * SECURITY UPDATE: Heap Out-of-Bounds Read in HandleUltraZipBPP
    - debian/patches/CVE-2026-32853.patch: libvncclient: add bounds checks to
      UltraZip subrectangle parsing in libvncclient/ultra.c.
    - CVE-2026-32853
  * SECURITY UPDATE: NULL pointer dereferences in httpd proxy handlers
    - debian/patches/CVE-2026-32854.patch: libvncserver: fix NULL pointer
      dereferences in httpd proxy handlers in libvncserver/httpd.c.
    - CVE-2026-32854
  * SECURITY UPDATE: OOB write in Tight Gradient decoding
    - debian/patches/CVE-2026-44988.patch: libvncclient: fix Tight gradient
      decoding overflow in rfb/rfbclient.h, libvncclient/tight.c.
    - CVE-2026-44988

 -- Marc Deslauriers <email address hidden> Mon, 15 Jun 2026 10:59:47 -0400
CVE-2020-29260 libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
CVE-2026-32853 LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler tha
CVE-2026-32854 LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within h
CVE-2026-44988 LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-


About   -   Send Feedback to @ubuntu_updates