12 matches found
CVE-2020-25708
CVE-2020-25708 affects libvncserver (notably libvncserver-0.9.12). A divide-by-zero condition triggered by a malicious crafted message processed by a VNC server can cause a denial of service. Various Nessus-derived advisories reference this CVE among a set of LibVNCServer issues; the materials do...
CVE-2017-18922
CVE-2017-18922 : LibVNCServer’s websockets.c (prior to 0.9.12) is affected; multiple advisories report that malformed WebSocket frames can trigger a heap-based buffer overflow. The connected Nessus entries confirm affected packages across various distros (e.g., MiracleLinux, Alibaba Cloud Linux, ...
CVE-2020-14399
CVE-2020-14399 affects LibVNCServer before 0.9.13. The issue is that Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c, enabling potential memory handling problems. Many OpenVAS/Nessus advisories reference this CVE among multiple LibVNCServer issues; the confirmed...
CVE-2020-14401
CVE-2020-14401 affects LibVNCServer up to version 0.9.12; the vulnerability is in libvncserver/scale.c where a pixel_value integer overflow occurs. Connected sources (EulerOS/SUSE/Nessus references) enumerate this CVE among a set of LibVNCServer issues, with the common remediation context implyin...
CVE-2020-14400
CVE-2020-14400 affects LibVNCServer up to version 0.9.12, where Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. Multiple security advisories (e.g., SUSE EulerOS/OpenVAS sources) list this CVE among a set of LibVNCServer issues and indicate fixes in newer relea...
CVE-2018-7225
CVE-2018-7225 in LibVNCServer : rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, allowing access to uninitialized and potentially sensitive data via crafted VNC packets. This affects LibVNCServer up to version 0.9.11. Multiple downstream advisories document fixes i...
CVE-2016-9942
CVE-2016-9942 is a heap-based buffer overflow in LibVNCServer/LibVNCClient (ultra.c) that can be triggered by a crafted FramebufferUpdate with the Ultra tile, allowing remote servers to crash the client or potentially execute arbitrary code when the LZO payload length exceeds the tile dimensions....
CVE-2016-9941
LibVNCServer/LibVNCClient (LibVNCServer) contains heap-based buffer overflow vulnerabilities: CVE-2016-9941 in rfbproto.c and CVE-2016-9942 in ultra.c, exploitable via crafted FramebufferUpdate messages. These allow denial of service and potentially remote code execution on affected clients/serve...
CVE-2020-29260
CVE-2020-29260 affects libvncserver/libvncclient v0.9.13, with a memory leak in rfbClientCleanup() causing resource retention and potential memory exhaustion. The vulnerability is labeled with CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base 7.5, HIGH, network attack, no privileges, no user in...
CVE-2010-5304
CVE-2010-5304 is a NULL pointer dereference in LibVNCServer before 0.9.9 when processing certain ClientCutText messages, allowing a remote attacker to crash the VNC server by sending a crafted ClientCutText. Public references in SUSE and Fedora advisories show fixes in later packages (e.g., libvn...
CVE-2026-32853
CVE-2026-32853 affects LibVNCServer versions 0.9.15 and earlier, with a heap out-of-bounds read in the UltraZip encoding handler. The flaw, due to improper bounds checking in HandleUltraZipBPP(), can be triggered by manipulating subrectangle header counts, leading to information disclosure or app...
CVE-2026-32854
LibVNCServer