Fluid Attacks Database

Description

LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libvncserver	>=0 <0.9.11+dfsg-1.2	0.9.11+dfsg-1.2
debian 12	libvncserver	>=0 <0.9.11+dfsg-1.2	0.9.11+dfsg-1.2
debian 13	libvncserver	>=0 <0.9.11+dfsg-1.2	0.9.11+dfsg-1.2
debian 14	libvncserver	>=0 <0.9.11+dfsg-1.2	0.9.11+dfsg-1.2
rpm rhel7	libvncserver	-	-
rpm rhel6	libvncserver	-	-
rpm rhel8	libvncserver	-	-

Aliases

1. CVE-2018-200192. NVD-2018-200193. OSV-DEBIAN-2018-200194. OSV-2018-200195. SECURITY-TRACKER-CVE-2018-20019

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.