Skip to content

fix(libvncserver): CVE-2026-32853 and CVE-2026-32854#3

Open
deepin-ci-robot wants to merge 3 commits intomasterfrom
fix/CVE-2026-32853-multi
Open

fix(libvncserver): CVE-2026-32853 and CVE-2026-32854#3
deepin-ci-robot wants to merge 3 commits intomasterfrom
fix/CVE-2026-32853-multi

Conversation

@deepin-ci-robot
Copy link
Copy Markdown
Contributor

@deepin-ci-robot deepin-ci-robot commented May 7, 2026

CVE 修复

CVE IDs: CVE-2026-32853, CVE-2026-32854

CVE-2026-32853

漏洞描述: Heap out-of-bounds read vulnerability in UltraZip encoding handler

影响版本: LibVNCServer 0.9.15 and prior

修复方案: Add bounds checks to UltraZip subrectangle parsing

上游链接: LibVNC/libvncserver@009008e

验证状态: ✅ Patches applied successfully, only debian/ modified

CVE-2026-32854

漏洞描述: NULL pointer dereference in HTTP proxy handlers

影响版本: LibVNCServer 0.9.15 and prior

修复方案: Add NULL checks before using strchr() return values

上游链接: LibVNC/libvncserver@dc78dee

验证状态: ✅ Patches applied successfully, only debian/ modified

修复方式: backport-upstream
Generated by: CVE-Fixer Agent
Co-Authored-By: hudeng hudeng@deepin.org

deepin-ci-robot and others added 3 commits May 7, 2026 22:15
@deepin-ci-robot @hudeng-go
fix(libvncserver): CVE-2026-32853
e941f7e 
Fix heap out-of-bounds read in UltraZip encoding handler.

HandleUltraZipBPP() iterates over sub-rectangles without validating
that the pointer stays within the decompressed data buffer. A malicious
server can set a large numCacheRects value, causing heap out-of-bounds
reads.

Upstream: LibVNC/libvncserver@009008e
Generated-By: glm-5.1
Co-Authored-By: hudeng <hudeng@deepin.org>
@deepin-ci-robot @hudeng-go
fix(libvncserver): CVE-2026-32854
3234806 
Fix null pointer dereference in HTTP proxy handlers.

httpProcessInput() passes the return value of strchr() to atoi()
and strncmp() without checking for NULL. If a CONNECT request
contains no colon, or a GET request contains no slash, strchr()
returns NULL, leading to a segmentation fault.

Upstream: LibVNC/libvncserver@dc78dee
Generated-By: glm-5.1
Co-Authored-By: hudeng <hudeng@deepin.org>
@deepin-ci-robot @hudeng-go
chore: update changelog for CVE-2026-32853 and CVE-2026-32854
cf4f04e 
Generated-By: glm-5.1
Co-Authored-By: hudeng <hudeng@deepin.org>
@deepin-ci-robot
Copy link
Copy Markdown
Contributor Author

deepin-ci-robot commented May 7, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zccrs for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

TAG Bot

TAG: 0.9.14+dfsg-1deepin1
EXISTED: no
DISTRIBUTION: unstable

@hudeng-go
Copy link
Copy Markdown

hudeng-go commented May 8, 2026

/integrate

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 8, 2026

AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#3967
PrNumber: 3967
PrBranch: auto-integration-25545790974

@deepin-community-ci-bot deepin-community-ci-bot Bot mentioned this pull request May 8, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chenchongbiao chenchongbiao Awaiting requested review from chenchongbiao

@myml myml Awaiting requested review from myml

Assignees

No one assigned

Labels

cve generated-by-ai

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@deepin-ci-robot @hudeng-go