rpm package
suse/LibVNCServer&distro=SUSE Linux Enterprise Server 12 SP2
pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-7225 | — | | | < 0.9.9-17.5.1 | 0.9.9-17.5.1 | Feb 19, 2018 | An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via speciall |
| CVE-2016-9942 | Cri | 9.8 | | < 0.9.9-17.5.1 | 0.9.9-17.5.1 | Dec 31, 2016 | Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payloa |
| CVE-2016-9941 | Cri | 9.8 | | < 0.9.9-17.5.1 | 0.9.9-17.5.1 | Dec 31, 2016 | Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client |