Integer Overflow Vulnerability in UltraVNC Viewer by UltraVNC
CVE-2026-7838
8.7 HIGH
What is CVE-2026-7838?
UltraVNC Viewer version 1.8.2.2 is susceptible to an integer overflow that can lead to a heap buffer overflow in its RFB protocol handling. The vulnerability resides in the parsing of failure-response messages, where a network-supplied value can result in an incorrect memory allocation. It can be triggered when the viewer connects to a malicious VNC server, or when an attacker intercepts the RFB stream, and results in unintended memory operations. This may allow an attacker to execute arbitrary code as the user running the viewer.
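The bug class described above, shown as an added example that is not UltraVNC's code: an RFB failure response carries a U32 length followed by a reason string, and a size computed from that length in 32-bit arithmetic can wrap. The function names, the `MAX_REASON_LEN` cap and the in-memory message buffer are assumptions made for illustration; the advisory does not say where in the viewer the flawed computation sits.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_REASON_LEN 4096u /* assumed cap; not taken from the RFB spec or UltraVNC */

/* Unsafe size computation, for contrast only: in 32-bit arithmetic
 * 0xFFFFFFFF + 1 wraps to 0, so the allocation ends up far smaller
 * than the length later used for the read or copy. */
uint32_t unsafe_alloc_size(uint32_t wire_len) {
    return wire_len + 1u;
}

/* Decode a big-endian U32, the encoding RFB uses for length fields. */
uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hardened parse of a "U32 length + bytes" reason message in msg[0..msg_len).
 * Returns a NUL-terminated copy that the caller frees, or NULL when the
 * message is truncated, exceeds the cap, or allocation fails. */
char *parse_reason(const unsigned char *msg, size_t msg_len) {
    if (msg == NULL || msg_len < 4) return NULL;
    uint32_t wire_len = be32(msg);
    if (wire_len > MAX_REASON_LEN) return NULL;      /* bound before any arithmetic */
    if ((size_t)wire_len > msg_len - 4) return NULL; /* bytes must actually be present */
    char *out = malloc((size_t)wire_len + 1);        /* cannot wrap: wire_len <= cap */
    if (out == NULL) return NULL;
    memcpy(out, msg + 4, wire_len);
    out[wire_len] = '\0';
    return out;
}

int main(void) {
    /* Constructed sample messages, not captured traffic. */
    const unsigned char hostile[] = {0xFF, 0xFF, 0xFF, 0xFF, 'x'};
    const unsigned char benign[] = {0, 0, 0, 3, 'b', 'a', 'd'};
    char *r = parse_reason(benign, sizeof benign);
    printf("unsafe size for 0xFFFFFFFF: %u\n",
           (unsigned)unsafe_alloc_size(0xFFFFFFFFu));
    printf("benign: %s, hostile rejected: %d\n", r ? r : "(null)",
           parse_reason(hostile, sizeof hostile) == NULL);
    free(r);
    return 0;
}
```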
Affected Version(s)
UltraVNC 0 <= 1.8.2.2
CVSS V4
Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Credit
Arjun Basnet, Securin (arjun.basnet@securin.io)
