Bug 2461689 (CVE-2026-41476) - CVE-2026-41476 deskflow: Deskflow: Information disclosure via malformed clipboard update
Summary: CVE-2026-41476 deskflow: Deskflow: Information disclosure via malformed clipb...
Keywords:
Status: NEW
Alias: CVE-2026-41476
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2463198 2463199
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-24 20:02 UTC by OSIDB Bzimport
Modified: 2026-04-27 11:48 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-04-24 20:02:41 UTC
Deskflow is a keyboard and mouse sharing app.  Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds read by sending a malformed clipboard update. The issue is in the implementation of src/lib/deskflow/IClipboard.cpp. This is reachable because ClipboardChunk::assemble() in src/lib/deskflow/ClipboardChunk.cpp validates only the outer clipboard transfer size. It does not validate the internal structure of the serialized clipboard blob, so malformed inner lengths reach IClipboard::unmarshall() unchanged. This vulnerability is fixed in 1.26.0.138.


Note You need to log in before you can comment on or make changes to this bug.