Fluid Attacks Database

Description

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	libvncserver	>=0 <0.9.12+dfsg-9	0.9.12+dfsg-9
debian 14	libvncserver	>=0 <0.9.12+dfsg-9	0.9.12+dfsg-9
debian 12	libvncserver	>=0 <0.9.12+dfsg-9	0.9.12+dfsg-9
debian 11	libvncserver	>=0 <0.9.12+dfsg-9	0.9.12+dfsg-9
rpm rhel8	libvncserver	<0:0.9.11-9.el8_1.2	0:0.9.11-9.el8_1.2
rpm rhel7	libvncserver	<0:0.9.9-14.el7_7	0:0.9.9-14.el7_7

Aliases

1. CVE-2019-207882. NVD-2019-207883. OSV-DEBIAN-2019-207884. OSV-2019-207885. SECURITY-TRACKER-CVE-2019-20788

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.