Critical severity9.8NVD Advisory· Published Feb 19, 2018· Updated Jun 17, 2026
CVE-2018-7225
CVE-2018-7225
Description
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- Range: <=0.9.11
- osv-coords10 versionspkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 0.9.1-160.3.1+ 9 more
- (no CPE)range: < 0.9.1-160.3.1
- (no CPE)range: < 0.9.9-17.5.1
- (no CPE)range: < 0.9.9-17.5.1
- (no CPE)range: < 0.9.9-17.5.1
- (no CPE)range: < 0.9.1-160.3.1
- (no CPE)range: < 0.9.9-17.5.1
- (no CPE)range: < 0.9.9-17.5.1
- (no CPE)range: < 0.9.1-160.3.1
- (no CPE)range: < 0.9.9-17.5.1
- (no CPE)range: < 0.9.9-17.5.1
Patches
Vulnerability mechanics
References
14- www.openwall.com/lists/oss-security/2018/02/18/1nvdExploitMailing ListThird Party Advisory
- www.securityfocus.com/bid/103107nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2018:1055nvdThird Party Advisory
- github.com/LibVNC/libvncserver/issues/218nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/03/msg00035.htmlnvdMailing ListThird Party Advisory
- usn.ubuntu.com/3618-1/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4221nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlnvd
- lists.debian.org/debian-lts-announce/2019/11/msg00032.htmlnvd
- lists.debian.org/debian-lts-announce/2019/12/msg00028.htmlnvd
- security.gentoo.org/glsa/201908-05nvd
- usn.ubuntu.com/4547-1/nvd
- usn.ubuntu.com/4573-1/nvd
- usn.ubuntu.com/4587-1/nvd
News mentions
0No linked articles in our index yet.