cbcvebase.

Libvncserver Project Libvncserver vulnerabilities

44 known vulnerabilities affecting libvncserver_project/libvncserver.

Total CVEs
44
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL12HIGH24MEDIUM8

Vulnerabilities

Page 1 of 3
CVE-2018-15127P2CRITICALCVSS 9.8≥ 0, < 0.9.11+dfsg-1.22018-12-19
CVE-2018-15127 [CRITICAL] CVE-2018-15127: LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
osv
CVE-2018-6307P3HIGHCVSS 8.1≥ 0, < 0.9.11+dfsg-1.22018-12-19
CVE-2018-6307 [HIGH] CVE-2018-6307: LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension tha LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
osv
CVE-2018-20019P2CRITICALCVSS 9.8≥ 0, < 0.9.11+dfsg-1.22018-12-19
CVE-2018-20019 [CRITICAL] CVE-2018-20019: LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can re LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution
osv
CVE-2018-20020P2CRITICALCVSS 9.8≥ 0, < 0.9.11+dfsg-1.22018-12-19
CVE-2018-20020 [CRITICAL] CVE-2018-20020: LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution
osv
CVE-2018-15126P3CRITICALCVSS 9.8≥ 0, < 0.9.11+dfsg-1.22018-12-19
CVE-2018-15126 [CRITICAL] CVE-2018-15126: LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension tha LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
osv
CVE-2017-18922P3CRITICALCVSS 9.8fixed in 0.9.122020-06-30
CVE-2017-18922 [CRITICAL] CWE-787 CVE-2017-18922: It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
nvdosv
CVE-2018-7225P3CRITICALCVSS 9.8≤ 0.9.112018-02-19
CVE-2018-7225 [CRITICAL] CWE-190 CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
nvdosv
CVE-2019-15690P3HIGHCVSS 8.8≥ 0, < 0.9.12+dfsg-92025-01-24
CVE-2019-15690 [HIGH] CVE-2019-15690: LibVNCServer 0 LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.
osv
CVE-2016-9942P3CRITICALCVSS 9.8v0.9.102016-12-31
CVE-2016-9942 [CRITICAL] CWE-119 CVE-2016-9942: Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote se Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
nvdosv
CVE-2016-9941P3CRITICALCVSS 9.8≤ 0.9.102016-12-31
CVE-2016-9941 [CRITICAL] CWE-119 CVE-2016-9941: Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.
nvdosv
CVE-2018-20748P3CRITICALCVSS 9.8≥ 0, < 0.9.11+dfsg-1.32019-01-30
CVE-2018-20748 [CRITICAL] CVE-2018-20748: LibVNC before 0 LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.
osv
CVE-2019-20788P3HIGHCVSS 8.8≥ 0, < 0.9.12+dfsg-92020-04-23
CVE-2019-20788 [HIGH] CVE-2019-20788: libvncclient/cursor libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
osv
CVE-2026-32854P3HIGHCVSS 7.5fixed in 0.9.152026-03-24
CVE-2026-32854 [HIGH] CWE-476 CVE-2026-32854: LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vu LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the
nvdosv
CVE-2018-20750P3CRITICALCVSS 9.8≥ 0, < 0.9.11+dfsg-1.32019-01-30
CVE-2018-20750 [CRITICAL] CVE-2018-20750: LibVNC through 0 LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
osv
CVE-2018-20749P3CRITICALCVSS 9.8≥ 0, < 0.9.11+dfsg-1.32019-01-30
CVE-2018-20749 [CRITICAL] CVE-2018-20749: LibVNC before 0 LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
osv
CVE-2014-6051P3HIGHCVSS 7.5≥ 0, < 0.9.9+dfsg-1ubuntu1.12014-09-29
CVE-2014-6051 [HIGH] libvncserver vulnerabilities libvncserver vulnerabilities Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when being advertised large screen sizes by the server. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-6051, CVE-2014-6052) Nicolas Ruff discovered that LibVNCServer incorrectly handled large ClientCutText messages. A remote a
osv
CVE-2019-15681P3HIGHCVSS 7.5≥ 0, < 0.9.12+dfsg-32019-10-29
CVE-2019-15681 [HIGH] CVE-2019-15681: LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read sta LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack app
osv
CVE-2014-6052P3HIGHCVSS 7.5≥ 0, < 0.9.9+dfsg-6.12014-12-15
CVE-2014-6052 [HIGH] CVE-2014-6052: The HandleRFBServerMessage function in libvncclient/rfbproto The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
osv
CVE-2006-2450P3HIGHCVSS 7.5≥ 0, < 0.8.2-12006-07-18
CVE-2006-2450 [HIGH] CVE-2006-2450: auth auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
osv
CVE-2018-20022P3HIGHCVSS 7.5≥ 0, < 0.9.11+dfsg-1.22018-12-19
CVE-2018-20022 [HIGH] CVE-2018-20022: LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory la
osv
Libvncserver Project Libvncserver vulnerabilities | cvebase