Libvnc Project: >> Libvncserver >> 0.9.12 Security Vulnerabilities
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
CVSS Score
5.4
EPSS Score
0.014
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
CVSS Score
5.4
EPSS Score
0.009
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
CVSS Score
7.5
EPSS Score
0.011
Published
2020-06-17
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
CVSS Score
7.5
EPSS Score
0.035
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
CVSS Score
7.5
EPSS Score
0.016
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
CVSS Score
7.5
EPSS Score
0.029
Published
2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
CVSS Score
7.5
EPSS Score
0.018
Published
2020-06-17
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
CVSS Score
9.8
EPSS Score
0.019
Published
2020-04-23