NULL pointer dereference in Libvnc Libvncserver

CVE-2026-32854

LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by s…

EPSS: 0.009 (75.9th percentile) — read the EPSS interpretation.

Affected products

Libvnc Libvncserver — versions 0, dc78dee51a7e270e537a541a17befdf2073f5314

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

github.com/LibVNC/libvncserver/security/advisories/GHSA-xjp8-4qqv-5x4x (vendor-advisory)
github.com/LibVNC/libvncserver/commit/dc78dee51a7e270e537a541a17befdf2073f5314 (patch)
www.vulncheck.com/advisories/libvncserver-httpd-proxy-null-pointer-dereference (third-party-advisory)