libvncserver.so is vulnerable to remote code execution. The vulnerability is possible because of the flaw in the server code of the file transfer extension, leading to heap use-after-free.
CPE | Name | Operator | Version |
---|---|---|---|
libvncserver.so | eq | 0.0.0 |
bugzilla.redhat.com/show_bug.cgi?id=1661136
github.com/LibVNC/libvncserver/commit/ca2a5ac02fbbadd0a21fabba779c1ea69173d10b
github.com/LibVNC/libvncserver/issues/241
ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/
lists.debian.org/debian-lts-announce/2018/12/msg00017.html
lists.debian.org/debian-lts-announce/2019/10/msg00042.html
usn.ubuntu.com/3877-1/
www.debian.org/security/2019/dsa-4383