Vulnerabilities > Libvncserver Project

DATE CVE VULNERABILITY TITLE RISK
2022-09-02 CVE-2020-29260 Resource Exhaustion vulnerability in multiple products
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
network
low complexity
libvncserver-project debian CWE-400
7.5
2020-11-27 CVE-2020-25708 Divide By Zero vulnerability in multiple products
A divide by zero issue was found to occur in libvncserver-0.9.12.
network
low complexity
libvncserver-project redhat debian CWE-369
7.5
2020-06-30 CVE-2017-18922 Out-of-bounds Write vulnerability in multiple products
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames.
9.8
2020-06-17 CVE-2020-14401 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in LibVNCServer before 0.9.13.
6.5
2020-06-17 CVE-2020-14400 An issue was discovered in LibVNCServer before 0.9.13. 7.5
2020-06-17 CVE-2020-14399 An issue was discovered in LibVNCServer before 0.9.13. 7.5
2020-02-05 CVE-2010-5304 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message.
network
low complexity
libvncserver-project fedoraproject CWE-476
7.5
2018-02-19 CVE-2018-7225 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in LibVNCServer through 0.9.11.
network
low complexity
libvncserver-project debian canonical redhat CWE-190
critical
9.8
2016-12-31 CVE-2016-9942 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libvncserver Project Libvncserver 0.9.10
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
network
low complexity
libvncserver-project CWE-119
critical
9.8
2016-12-31 CVE-2016-9941 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libvncserver Project Libvncserver
Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.
network
low complexity
libvncserver-project CWE-119
critical
9.8