Nixpkgs security tracker

Untriaged

Permalink CVE-2026-34352

8.5 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): LOW

created 2 weeks, 5 days ago

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users …

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.

References

https://www.openwall.com/lists/oss-security/2026/03/26/7
https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd4…
https://sourceforge.net/projects/tigervnc/files/stable/1.16.2
https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI

Affected products

TigerVNC

<1.16.2

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

nixos-unstable 1.16.0
- nixpkgs-unstable 1.16.0
- nixos-unstable-small 1.16.0
nixos-25.11 1.15.0
- nixos-25.11-small 1.15.0
- nixpkgs-25.11-darwin 1.15.0

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.tigervnc