Libvncserver Project

libvncserver_project

12 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-32854 1Libvncserver Project 1Libvncserver Mar 25, 2026 Mar 24, 2026 6.3 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a den...Show more LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.Show less
CVE-2026-32853 1Libvncserver Project 1Libvncserver Mar 25, 2026 Mar 24, 2026 6.9 MEDIUM· v4 8.1 HIGH· v3 N/A· v2 LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or appl...Show more LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer.Show less
CVE-2020-29260 2Debian Libvncserver Project 2Debian Linux Libvncserver Nov 21, 2024 Sep 2, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
CVE-2020-25708 3Debian Libvncserver ProjectRedhat 3Debian Linux Enterprise LinuxLibvncserver Nov 21, 2024 Nov 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exceptio...Show more A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.Show less
CVE-2017-18922 5Canonical FedoraprojectLibvncserver Project+2 more 10Fedora LeapLibvncserver+7 more Nov 21, 2024 Jun 30, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, cau...Show more It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.Show less
CVE-2020-14401 4Debian Libvncserver ProjectOpensuse+1 more 9Debian Linux LeapLibvncserver+6 more Nov 21, 2024 Jun 17, 2020 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
CVE-2020-14400 4Canonical DebianLibvncserver Project+1 more 4Debian Linux LeapLibvncserver+1 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no kn...Show more An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundaryShow less
CVE-2020-14399 4Canonical DebianLibvncserver Project+1 more 4Debian Linux LeapLibvncserver+1 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed.
CVE-2010-5304 2Fedoraproject Libvncserver Project 2Fedora Libvncserver Nov 21, 2024 Feb 5, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCut...Show more A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.Show less
CVE-2018-7225 4Canonical DebianLibvncserver Project+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Feb 19, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspe...Show more An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.Show less
CVE-2016-9942 1Libvncserver Project 1Libvncserver May 6, 2026 Dec 31, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdat...Show more Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.Show less
CVE-2016-9941 1Libvncserver Project 1Libvncserver May 6, 2026 Dec 31, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUp...Show more Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.Show less