Debian: DLA-2347-1 Moderate: Libvncserver Multiple Issues
debian lts
August 28, 2020
Several minor vulnerabilities have been discovered in libvncserver, a server and client implementation of the VNC protocol
Summary
libvncclient/sockets.c in LibVNCServer had a buffer overflow via a
long socket filename.
CVE-2020-14397
libvncserver/rfbregion.c has a NULL pointer dereference.
CVE-2020-14399
Byte-aligned data was accessed through uint32_t pointers in
libvncclient/rfbproto.c.
NOTE: This issue has been disputed by third parties; there is
reportedly "no trust boundary crossed".
CVE-2020-14400
Byte-aligned data was accessed through uint16_t pointers in
libvncserver/translate.c.
NOTE: This issue has been disputed by third parties. There is no
known path of exploitation or cross of a trust boundary.
CVE-2020-14401
libvncserver/scale.c had a pixel_value integer overflow.
CVE-2020-14402
libvncserver/corre.c allowed out-of-bounds access via encodings.
CVE-2020-14403
libvncserver/hextile.c allowed out-of-bounds access via encodings.
CVE-2020-14404
libvncserver/rre.c allowed out-of-bounds access via encodings.
CVE-2020-14405
PREVIOUS 
NEXT -------------------------------------------------------------------------Package: libvncserver
Version: 0.9.11+dfsg-1.3~deb9u5
CVE ID: CVE-2019-20839 CVE-2020-14397 CVE-2020-14399 CVE-2020-14400
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!