It was discovered that LibVNCServer had a memory leak in the client cleanup function. An attacker could possibly use this issue to cause LibVNCServer to consume memory, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2020-29260)
It was discovered that LibVNCServer did not properly validate bounds when handling UltraZip encoding subrectangles. A remote attacker could possibly use this issue to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2026-32853)
It was discovered that LibVNCServer did not properly validate return values in the HTTP proxy handlers. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2026-32854)
It was discovered that LibVNCServer did not properly handle Tight encoding gradient filter rectangles. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-44988)
0.9.13+dfsg-3ubuntu0.10.9.14+dfsg-1ubuntu0.10.9.15+dfsg-1ubuntu0.10.9.15+dfsg-3ubuntu0.1