Kitknox

**Name of the Vulnerable Software and Affected Versions** Deskflow versions prior to 1.26.0.138 **Description** A remote memory-safety issue in clipboard deserialization allows a connected peer to trigger an out-of-bounds read by sending a malformed clipboard update. The problem exists in the implementation of 'src/lib/deskflow/IClipboard.cpp' because the `ClipboardChunk::assemble()` function in 'src/lib/deskflow/ClipboardChunk.cpp' only validates the outer clipboard transfer size. Since the internal structure of the serialized clipboard blob is not validated, malformed inner lengths reach the `IClipboard::unmarshall()` function unchanged. **Recommendations** Update to version 1.26.0.138.