HIGH
LibVNC
CVE published 2026-05-27
CVE-2026-44988
LibVNCClient versions 0.9.15 and earlier contain a heap-based buffer overflow in the Tight encoding decoder's Gradient filter. The vulnerability stems from a fixed-size 2048-pixel scratch buffer that is not validated against attacker-controlled rectangle widths in FramebufferUpdate messages. A malicious VNC server can craft a Tight-encoded rectangle with width exceeding 2048 pixels using NoZlib | Explicit [truncated]
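
The bug class described above, as an added example (not LibVNCClient's code or its fix): a gradient-filter row decoder in C that validates the rectangle width against a fixed 2048-pixel scratch buffer before writing to it. The names `gradient_state` and `gradient_decode`, the 3-byte RGB pixel layout and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_ROW_PIXELS 2048  /* scratch capacity named in the advisory */

/* Hypothetical decoder state: one previous row of RGB888 pixels. */
typedef struct { uint8_t prev_row[MAX_ROW_PIXELS * 3]; } gradient_state;

/* Undo the gradient filter for `rows` rows of `width` pixels.
   Returns 0 on success, -1 if the rectangle is rejected. */
int gradient_decode(gradient_state *st, const uint8_t *src, size_t src_len,
                    uint8_t *dst, size_t dst_len, uint32_t width, uint32_t rows)
{
    /* The check the advisory says is missing: width vs. scratch size. */
    if (width == 0 || width > MAX_ROW_PIXELS) return -1;
    size_t row_bytes = (size_t)width * 3;
    if (rows != 0 && row_bytes > SIZE_MAX / rows) return -1;
    size_t need = row_bytes * rows;
    if (src_len < need || dst_len < need) return -1;

    memset(st->prev_row, 0, row_bytes);   /* row above the first is zero */
    for (uint32_t y = 0; y < rows; y++) {
        uint8_t left[3] = {0}, upleft[3] = {0};
        for (uint32_t x = 0; x < width; x++) {
            for (int c = 0; c < 3; c++) {
                size_t i = (size_t)x * 3 + c;
                int up = st->prev_row[i];
                int est = left[c] + up - upleft[c];  /* predictor */
                if (est < 0) est = 0; else if (est > 255) est = 255;
                uint8_t v = (uint8_t)(src[y * row_bytes + i] + est);
                upleft[c] = (uint8_t)up;  /* becomes up-left of x+1 */
                left[c] = v;
                st->prev_row[i] = v;      /* becomes "up" for next row */
                dst[y * row_bytes + i] = v;
            }
        }
    }
    return 0;
}

int main(void)
{
    static gradient_state st;
    uint8_t in[12] = {10,20,30, 1,2,3, 5,5,5, 0,0,0}, out[12]; /* constructed */
    printf("2x2: %d\n", gradient_decode(&st, in, sizeof in, out, sizeof out, 2, 2));
    printf("width 2049: %d\n", gradient_decode(&st, in, sizeof in, out, sizeof out, 2049, 1));
    return 0;
}
```

Because the width check runs before `row_bytes` is used as a `memset` length or as an index bound into `prev_row`, a server-supplied width can never size an access to the scratch buffer.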