Libvncserverproject Libvncserver
By the Year
In 2024 there have been 0 vulnerabilities in Libvncserverproject Libvncserver . Libvncserver did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 7.50 |
| 2021 | 0 | 0.00 |
| 2020 | 16 | 7.27 |
| 2019 | 2 | 8.65 |
| 2018 | 1 | 9.80 |
It may take a day or so for new Libvncserver vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Libvncserverproject Libvncserver Security Vulnerabilities
libvncclient v0.9.13 was discovered to contain a memory leak
CVE-2020-29260
7.5 - High
- September 02, 2022
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
Resource Exhaustion
A divide by zero issue was found to occur in libvncserver-0.9.12
CVE-2020-25708
7.5 - High
- November 27, 2020
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
Divide By Zero
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames
CVE-2017-18922
9.8 - Critical
- June 30, 2020
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
Memory Corruption
An issue was discovered in LibVNCServer before 0.9.13
CVE-2018-21247
7.5 - High
- June 17, 2020
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
Missing Initialization of Resource
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow
CVE-2019-20839
7.5 - High
- June 17, 2020
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
Classic Buffer Overflow
An issue was discovered in LibVNCServer before 0.9.13
CVE-2019-20840
7.5 - High
- June 17, 2020
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
Memory Corruption
An issue was discovered in LibVNCServer before 0.9.13
CVE-2020-14396
7.5 - High
- June 17, 2020
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
NULL Pointer Dereference
An issue was discovered in LibVNCServer before 0.9.13
CVE-2020-14397
7.5 - High
- June 17, 2020
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
NULL Pointer Dereference
An issue was discovered in LibVNCServer before 0.9.13
CVE-2020-14398
7.5 - High
- June 17, 2020
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
Infinite Loop
An issue was discovered in LibVNCServer before 0.9.13
CVE-2020-14399
7.5 - High
- June 17, 2020
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed.
An issue was discovered in LibVNCServer before 0.9.13
CVE-2020-14400
7.5 - High
- June 17, 2020
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary
An issue was discovered in LibVNCServer before 0.9.13
CVE-2020-14401
6.5 - Medium
- June 17, 2020
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
Integer Overflow or Wraparound
An issue was discovered in LibVNCServer before 0.9.13
CVE-2020-14402
5.4 - Medium
- June 17, 2020
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
Memory Corruption
An issue was discovered in LibVNCServer before 0.9.13
CVE-2020-14403
5.4 - Medium
- June 17, 2020
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
Memory Corruption
An issue was discovered in LibVNCServer before 0.9.13
CVE-2020-14404
5.4 - Medium
- June 17, 2020
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
Memory Corruption
An issue was discovered in LibVNCServer before 0.9.13
CVE-2020-14405
6.5 - Medium
- June 17, 2020
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.
Allocation of Resources Without Limits or Throttling
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow
CVE-2019-20788
9.8 - Critical
- April 23, 2020
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
Memory Corruption
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which
CVE-2019-15681
7.5 - High
- October 29, 2019
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Improper Initialization
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c
CVE-2018-20750
9.8 - Critical
- January 30, 2019
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
Memory Corruption
An issue was discovered in LibVNCServer through 0.9.11
CVE-2018-7225
9.8 - Critical
- February 19, 2018
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
Integer Overflow or Wraparound
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Workstation or by Libvncserverproject? Click the Watch button to subscribe.
