Buffer Overflow Vulnerability in UltraVNC Viewer by UltraVNC
CVE-2026-7831
7.5 HIGH
What is CVE-2026-7831?
UltraVNC Viewer up to version 1.8.2.2 is affected by an off-by-one stack buffer overflow in its handling of the RFB ServerInit message. When the server-supplied 'nameLength' equals 2024, the application allocates a 2024-byte stack buffer but writes the null terminator outside its bounds, potentially corrupting adjacent stack data. A malicious VNC server can trigger the flaw by advertising a desktop name of length 2024; exploitation requires user interaction, because the user must connect the viewer to the compromised server. Depending on whether stack protection mechanisms such as canaries are enabled, the vulnerability can either cause a denial of service or allow unintended consequences due to stack data corruption.
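The boundary condition described above, as an added C example (not UltraVNC's source code). The function names, the `<=` form of the flawed check and the sample messages are assumptions made for illustration; the 24-byte fixed part of ServerInit follows the RFB protocol layout (RFC 6143).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE    2024 /* stack buffer size given in the advisory */
#define SERVERINIT_FIXED 24   /* width 2 + height 2 + pixel format 16 + name-length 4 */

/* Assumed flawed pattern: admits len == NAME_BUF_SIZE, so a later
 * buf[len] = '\0' would write one byte past the end of the buffer. */
static int flawed_len_ok(uint32_t len) { return len <= NAME_BUF_SIZE; }

/* Hardened parser: returns the name length, or -1 if the message is
 * truncated or the name leaves no room for the terminator. */
static long parse_desktop_name(const uint8_t *msg, size_t msg_len,
                               char *out, size_t out_size)
{
    if (msg_len < SERVERINIT_FIXED) return -1;
    uint32_t len = ((uint32_t)msg[20] << 24) | ((uint32_t)msg[21] << 16) |
                   ((uint32_t)msg[22] << 8)  |  (uint32_t)msg[23];
    if (len >= out_size) return -1;                  /* keep 1 byte for '\0' */
    if (len > msg_len - SERVERINIT_FIXED) return -1; /* name not fully present */
    memcpy(out, msg + SERVERINIT_FIXED, len);
    out[len] = '\0';
    return (long)len;
}

/* Build a constructed ServerInit carrying name_len bytes of 'A' and parse it
 * into a NAME_BUF_SIZE stack buffer, as a viewer would. */
static long parse_constructed(uint32_t name_len)
{
    static uint8_t msg[SERVERINIT_FIXED + 4096];
    char name[NAME_BUF_SIZE];
    if (name_len > 4096) return -1;
    memset(msg, 0, SERVERINIT_FIXED);
    msg[20] = (uint8_t)(name_len >> 24); msg[21] = (uint8_t)(name_len >> 16);
    msg[22] = (uint8_t)(name_len >> 8);  msg[23] = (uint8_t)name_len;
    memset(msg + SERVERINIT_FIXED, 'A', name_len);
    return parse_desktop_name(msg, SERVERINIT_FIXED + name_len, name, sizeof name);
}

int main(void)
{
    printf("2023 -> %ld\n", parse_constructed(2023));
    printf("2024 -> %ld (flawed check accepts: %d)\n",
           parse_constructed(2024), flawed_len_ok(2024));
    return 0;
}
```

The hardened check rejects any length that does not leave one byte free for the terminator, so a 2023-byte name is the longest accepted for a 2024-byte buffer.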
Affected Version(s)
UltraVNC 0 <= 1.8.2.2
