Ubuntu LibVNCServer Important Denial Of Service Vulnerabilities USN-8463-1

ubuntu

June 23, 2026

Several security issues were fixed in LibVNCServer.

Summary

Several security issues were fixed in LibVNCServer.

Software Description:

- libvncserver: vnc server library

Details:

It was discovered that LibVNCServer had a memory leak in the client cleanup

function. An attacker could possibly use this issue to cause LibVNCServer

to consume memory, leading to a denial of service. This issue only affected

Ubuntu 22.04 LTS. (CVE-2020-29260)

It was discovered that LibVNCServer did not properly validate bounds when

handling UltraZip encoding subrectangles. A remote attacker could possibly

use this issue to obtain sensitive information or cause a denial of

service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and

Ubuntu 25.04. (CVE-2026-32853)

It was discovered that LibVNCServer did not properly validate return values

in the HTTP proxy handlers. A remote attacker could possibly use this issue

to cause LibVNCServer to crash, resulting in a denial of service. This

issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu ...

Read the Full Advisory

Topics Covered

security advisory denial of service remote code execution Ubuntu important libvncserver

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  libvncclient1                   0.9.15+dfsg-3ubuntu0.1
  libvncserver1                   0.9.15+dfsg-3ubuntu0.1

Ubuntu 25.10
  libvncclient1                   0.9.15+dfsg-1ubuntu0.1
  libvncserver1                   0.9.15+dfsg-1ubuntu0.1

Ubuntu 24.04 LTS
  libvncclient1                   0.9.14+dfsg-1ubuntu0.1
  libvncserver1                   0.9.14+dfsg-1ubuntu0.1

Ubuntu 22.04 LTS
  libvncclient1                   0.9.13+dfsg-3ubuntu0.1
  libvncserver1                   0.9.13+dfsg-3ubuntu0.1

In general, a standard system update will make all the necessary changes.