CVE-2018-7225

Priority
Medium
Description
An issue was discovered in LibVNCServer through 0.9.11.
rfbProcessClientNormalMessage() in rfbserver.c does not sanitize
msg.cct.length, leading to access to uninitialized and potentially
sensitive data or possibly unspecified other impact (e.g., an integer
overflow) via specially crafted VNC packets.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (0.9.9+dfsg-1ubuntu1.3)
Ubuntu 16.04 LTS (Xenial Xerus): released (0.9.10+dfsg-3ubuntu0.16.04.2)
Ubuntu 17.10 (Artful Aardvark): released (0.9.11+dfsg-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (0.9.11+dfsg-1ubuntu1)
Patches:
Upstream: https://github.com/LibVNC/libvncserver/commit/28afb6c537dc82ba04d5f245b15ca7205c6dbb9c
More Information

Updated: 2018-04-04 16:14:43 UTC (commit 14489)