Fluid Attacks Database

Description

LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libvncserver	>=0 <0.9.11+dfsg-1.3	0.9.11+dfsg-1.3
debian 13	veyon	>=0 <4.1.7+repack1-1	4.1.7+repack1-1
debian 12	libvncserver	>=0 <0.9.11+dfsg-1.3	0.9.11+dfsg-1.3
debian 14	libvncserver	>=0 <0.9.11+dfsg-1.3	0.9.11+dfsg-1.3
debian 11	veyon	>=0 <4.1.7+repack1-1	4.1.7+repack1-1
debian 14	veyon	>=0 <4.1.7+repack1-1	4.1.7+repack1-1
debian 13	libvncserver	>=0 <0.9.11+dfsg-1.3	0.9.11+dfsg-1.3
debian 12	veyon	>=0 <4.1.7+repack1-1	4.1.7+repack1-1
rpm rhel8	libvncserver	-	-
rpm rhel7	libvncserver	-	-

1-10 of 11

Aliases

1. CVE-2018-207482. NVD-2018-207483. OSV-DEBIAN-2018-207484. OSV-2018-207485. SECURITY-TRACKER-CVE-2018-20748

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.