Vulnerabilities > Libvncserver Project > Libvncserver > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-30 | CVE-2017-18922 | Out-of-bounds Write vulnerability in multiple products It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. network low complexity libvncserver-project canonical opensuse fedoraproject siemens CWE-787 critical | 9.8 |
2018-02-19 | CVE-2018-7225 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in LibVNCServer through 0.9.11. | 9.8 |
2016-12-31 | CVE-2016-9941 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libvncserver Project Libvncserver Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. | 9.8 |
2016-12-31 | CVE-2016-9942 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libvncserver Project Libvncserver 0.9.10 Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. | 9.8 |