PT-2026-27461 · Unknown · Libvncserver

Y637F9Qq2X · Published 2026-03-24 · Updated 2026-05-09 · CVE-2026-32854

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

LibVNCServer versions prior to the commit dc78dee
LibVNCServer version 0.9.15

Description

The software contains null pointer dereference issues in the HTTP proxy handlers within the httpProcessInput() function in httpd.c. These issues allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Specifically, missing validation of the strchr() return values in the CONNECT and GET proxy handling paths can trigger null pointer dereferences, leading to a server crash when httpd and proxy features are enabled.

Recommendations

Update LibVNCServer to a version after the commit dc78dee.
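
The bug class described above, as an added C example that is neither LibVNCServer's code nor the upstream fix: every strchr() result is checked before it is used, so a request line with a missing delimiter is rejected instead of dereferenced. The helper name parse_connect_target, the "CONNECT host:port HTTP/1.x" layout it expects, and the sample hostname are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern, for contrast only (never compiled here):
 *     char *colon = strchr(target, ':');
 *     *colon = '\0';      <- NULL write when ':' is absent */

/* Hypothetical helper (not LibVNCServer code): split
 * "CONNECT host:port HTTP/1.x". Returns 0 on success, -1 if malformed. */
int parse_connect_target(const char *line, char *host, size_t hostlen,
                         unsigned *port)
{
    static const char verb[] = "CONNECT ";
    const char *target, *colon, *space;
    char *end;
    unsigned long p;
    size_t n;

    if (!line || !host || !port || hostlen == 0)
        return -1;
    if (strncmp(line, verb, sizeof verb - 1) != 0)
        return -1;                 /* not a CONNECT request */
    target = line + sizeof verb - 1;
    space = strchr(target, ' ');   /* end of the request target */
    colon = strchr(target, ':');   /* host/port separator */
    if (space == NULL || colon == NULL || colon > space)
        return -1;                 /* delimiter missing: reject, never dereference */
    n = (size_t)(colon - target);
    if (n == 0 || n >= hostlen)
        return -1;                 /* empty host, or host would overflow buffer */
    if (colon[1] < '0' || colon[1] > '9')
        return -1;                 /* port must start with a digit */
    p = strtoul(colon + 1, &end, 10);
    if (end != space || p == 0 || p > 65535)
        return -1;                 /* trailing junk or port outside 1..65535 */
    memcpy(host, target, n);
    host[n] = '\0';
    *port = (unsigned)p;
    return 0;
}

int main(void)
{
    char host[64];
    unsigned port = 0;
    /* Constructed sample request line */
    int rc = parse_connect_target("CONNECT vnc.example.test:5900 HTTP/1.0",
                                  host, sizeof host, &port);
    printf("rc=%d host=%s port=%u\n", rc, rc == 0 ? host : "-", port);
    return 0;
}
```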

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2026-32854
OESA-2026-2252
OESA-2026-2253
OESA-2026-2254
OESA-2026-2255
OPENSUSE-SU-2026:10433-1
OPENSUSE-SU-2026:20552-1
SUSE-SU-2026:1124-1
SUSE-SU-2026:1173-1
SUSE-SU-2026:1174-1
SUSE-SU-2026:21206-1

Affected Products

Libvncserver