Impact
LibVNCServer versions 0.9.15 and earlier contain a null pointer dereference flaw, identified as CWE-476, in the HTTP proxy handlers within httpProcessInput() of httpd.c. The bug arises from missing validation of strchr() return values in the CONNECT and GET proxy paths, which allows an attacker to send a specially crafted HTTP request that triggers a crash, resulting in denial of service.
Affected Systems
LibVNCServer, the VNC server library from the LibVNC project, affects all releases up to and including 0.9.15 when the HTTP daemon and proxy features are enabled. The defect is fixed in commit dc78dee of the LibVNCServer repository.
Risk and Exploitability
The CVSS score of 6.3 classifies the problem as medium severity, and the EPSS score of 5% indicates a moderate likelihood of exploitation. The flaw is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the attack vector is remote via crafted HTTP requests received by the httpd component, allowing an unauthorized attacker to cause the VNC server to crash and deny service.
OpenCVE Enrichment
Ubuntu USN