CVE-2018-7225

Priority
Description
An issue was discovered in LibVNCServer through 0.9.11.
rfbProcessClientNormalMessage() in rfbserver.c does not sanitize
msg.cct.length, leading to access to uninitialized and potentially
sensitive data or possibly unspecified other impact (e.g., an integer
overflow) via specially crafted VNC packets.
Assigned-to
mdeslaur
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [0.9.9+dfsg-1ubuntu1.3])
Ubuntu 16.04 LTS (Xenial Xerus):released (0.9.10+dfsg-3ubuntu0.16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (0.9.11+dfsg-1ubuntu1)
Patches:
Upstream:https://github.com/LibVNC/libvncserver/commit/28afb6c537dc82ba04d5f245b15ca7205c6dbb9c
More Information

Updated: 2020-07-28 20:05:34 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)