Fluid Attacks Database

Description

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libvncserver	>=0 <0.9.13+dfsg-1	0.9.13+dfsg-1
debian 11	libvncserver	>=0 <0.9.13+dfsg-1	0.9.13+dfsg-1
debian 13	libvncserver	>=0 <0.9.13+dfsg-1	0.9.13+dfsg-1
debian 14	libvncserver	>=0 <0.9.13+dfsg-1	0.9.13+dfsg-1

Aliases

1. CVE-2020-144002. NVD-2020-144003. OSV-DEBIAN-2020-144004. OSV-2020-144005. SECURITY-TRACKER-CVE-2020-14400

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.