VYPR
Unrated severity · OSV Advisory · Published Dec 19, 2018 · Updated Aug 5, 2024

CVE-2018-20019

Description

LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bounds write vulnerabilities in VNC client code that can result in remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

LibVNC client code before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bounds write flaws that can lead to remote code execution.

Vulnerability

LibVNC (LibVNCServer/LibVNCClient) prior to commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f (corresponding to version 0.9.12) contains multiple heap-based out-of-bounds write vulnerabilities in the VNC client code. An affected application using the library as a VNC client can be exploited when connecting to a malicious server [1][2].

Exploitation

The attacker needs no authentication; they need only run a malicious VNC server that sends crafted data to the connecting client. The client must initiate a connection to the attacker-controlled server, which requires user interaction (e.g., clicking a link or opening a VNC session) [1]. The heap out-of-bounds writes are triggered while the client parses server responses [1].

Impact

Successful exploitation allows the attacker to achieve remote code execution within the context of the affected application (e.g., a VNC client), potentially leading to full system compromise [1][2].

Mitigation

LibVNC fixed these vulnerabilities in commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f and version 0.9.12 (released September 2018). Users should upgrade to version 0.9.12 or later. There is no known workaround [1][2].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

25

References

9
