CVE-2018-6307
Description
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains a heap use-after-free vulnerability in the server code of the file transfer extension that can result in remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap use-after-free in LibVNC's file transfer extension allows remote code execution via crafted file transfer requests.
Vulnerability
A heap use-after-free vulnerability exists in the server code of the file transfer extension in LibVNC (LibVNCServer) before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b and prior to version 0.9.12. The flaw occurs when handling file transfer requests, where a freed heap object is accessed, leading to memory corruption [1].
Exploitation
An attacker with network access to a VNC server running a vulnerable version can send specially crafted file transfer extension messages. By manipulating the sequence of file transfer operations, the attacker can trigger a use-after-free condition, potentially achieving code execution [1]. No authentication is required if the VNC server allows file transfer without credentials.
Impact
Successful exploitation results in remote code execution on the VNC server, typically with the privileges of the VNC server process. This can lead to full compromise of the affected system, including data theft, installation of malware, or further lateral movement [1].
Mitigation
The vulnerability is fixed in LibVNCServer version 0.9.12 and the corresponding commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b. Users should upgrade to the latest version. No workarounds are available; disabling the file transfer extension may reduce risk but is not a complete mitigation [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: LibVNCServer-0.9.10, LibVNCServer-0.9.11, LibVNCServer-0.9.8, …
- Range: before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b
- osv-coords (23 versions):
  - pkg:rpm/opensuse/LibVNCServer&distro=openSUSE%20Leap%2015.0 (no CPE), range: < 0.9.10-lp150.3.3.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Enterprise%20Storage%204 (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015 (no CPE), range: < 0.9.10-4.3.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 (no CPE), range: < 0.9.1-160.6.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS (no CPE), range: < 0.9.1-160.6.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE), range: < 0.9.1-160.6.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 0.9.1-160.6.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 0.9.1-160.6.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 0.9.1-160.6.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 (no CPE), range: < 0.9.9-17.8.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015 (no CPE), range: < 0.9.10-4.3.1
  - pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%207 (no CPE), range: < 0.9.9-17.8.1
Patches
No patches discovered yet.
References
- usn.ubuntu.com/3877-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2019/dsa-4383 (mitre, vendor-advisory, x_refsource_DEBIAN)
- ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/ (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2018/12/msg00017.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2019/10/msg00042.html (mitre, mailing-list, x_refsource_MLIST)