LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 7 | RedHat | libvncserver-0:0.9.9-14.el7_7 | * |
Red Hat Enterprise Linux 8 | RedHat | libvncserver-0:0.9.11-9.el8_1.2 | * |
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | RedHat | libvncserver-0:0.9.11-9.el8_0.2 | * |
Libvncserver | Ubuntu | bionic | * |
Libvncserver | Ubuntu | eoan | * |
Libvncserver | Ubuntu | esm-infra/bionic | * |
Libvncserver | Ubuntu | esm-infra/focal | * |
Libvncserver | Ubuntu | esm-infra/xenial | * |
Libvncserver | Ubuntu | focal | * |
Libvncserver | Ubuntu | trusty | * |
Libvncserver | Ubuntu | xenial | * |
X11vnc | Ubuntu | bionic | * |
X11vnc | Ubuntu | eoan | * |
X11vnc | Ubuntu | focal | * |
X11vnc | Ubuntu | groovy | * |
X11vnc | Ubuntu | hirsute | * |
X11vnc | Ubuntu | impish | * |
X11vnc | Ubuntu | kinetic | * |
X11vnc | Ubuntu | lunar | * |
X11vnc | Ubuntu | mantic | * |
X11vnc | Ubuntu | trusty | * |
X11vnc | Ubuntu | trusty/esm | * |
X11vnc | Ubuntu | xenial | * |