
Y637F9Qq2X

#17281 of 53,640
15.6 CVSS total
Vulnerabilities · 2
High
2
PT-2026-27460
8.1
2026-03-24
Unknown · Libvncserver · CVE-2026-32853
**Name of the Vulnerable Software and Affected Versions**

LibVNCServer versions prior to commit 009008e

LibVNCServer version 0.9.15

**Description**

The software contains a heap out-of-bounds read issue in the UltraZip encoding handler. A malicious VNC server can exploit this to cause information disclosure or application crash. The issue is due to improper bounds checking in the `HandleUltraZipBPP()` function. Attackers can manipulate subrectangle header counts to read beyond the allocated heap buffer.

**Recommendations**

Update to a version after commit 009008e.
PT-2026-27461
7.5
2026-03-24
Unknown · Libvncserver · CVE-2026-32854
**Name of the Vulnerable Software and Affected Versions**

LibVNCServer versions prior to the commit dc78dee

LibVNCServer version 0.9.15

**Description**

The software contains null pointer dereference issues in the HTTP proxy handlers within the `httpProcessInput()` function in `httpd.c`. These issues allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Specifically, missing validation of the `strchr()` return values in the CONNECT and GET proxy handling paths can trigger null pointer dereferences, leading to a server crash when httpd and proxy features are enabled.

**Recommendations**

Update LibVNCServer to a version after the commit dc78dee.