CVE-2026-44988

Name of the Vulnerable Software and Affected Versions LibVNCClient versions prior to 0.9.16

Description The Tight encoding decoder in LibVNCClient uses fixed-size 2048-pixel scratch buffers for the Gradient filter but fails to reject Tight rectangles with a width exceeding 2048 pixels. A malicious VNC server can send a crafted FramebufferUpdate rectangle using Tight encoding with NoZlib | ExplicitFilter and the Gradient filter. When a client based on LibVNCClient connects, it processes the server-controlled rectangle width and writes beyond the fixed-size Gradient buffers, leading to a buffer overflow.

Recommendations Update to version 0.9.16 or later.