Libvncserver Security Vulnerabilities and Issues — Libvncserver CVE List

Lucene search

Libvncserver ProjectLibvncserver

4 matches found

CVE•added 2020/06/30 11:15 a.m.•237 views

CVE-2017-18922

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

9.8CVSS9.2AI score0.0442EPSS

CVE•added 2018/02/19 3:29 p.m.•138 views

CVE-2018-7225

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packe...

9.8CVSS8.7AI score0.0375EPSS

CVE•added 2016/12/31 6:59 p.m.•106 views

CVE-2016-9942

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed leng...

9.8CVSS9.8AI score0.00617EPSS

CVE•added 2016/12/31 6:59 p.m.•95 views

CVE-2016-9941

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.

9.8CVSS9.7AI score0.00617EPSS