Ubuntu Security Notice 4573-1 - Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
d1c1dec0425b1351154dbc2e5d1e29f09c8665e1b8c90126af657be592658be8
Ubuntu Security Notice 4547-1 - It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
e4c50aa2b1573b7262150b8b4b002ebcb5cceb0ae668df08c6e6bc1f95f45750
Gentoo Linux Security Advisory 201908-5 - Multiple vulnerabilities have been found in LibVNCServer, the worst of which could result in the arbitrary execution of code. Versions less than 0.9.12 are affected.
6d1f5188e6497480c4deb3a3df963be2010e2c3b629e2e4e80e06d95103650a7
Debian Linux Security Advisory 4221-1 - Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.
836f52812d9c51553e2be67824d58a661d853e79e2193ac4a05b1a7d0e46b6bc
Red Hat Security Advisory 2018-1055-01 - LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Issues addressed include improper input sanitization.
dda51983cd9a4884ff6dc8297409339b53e655b7d7b106cd9793f7621796d807
Ubuntu Security Notice 3618-1 - It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.
94f093bef1d50914cc832a9db3e8e076858d3e6677937a03c041fbb2d17f4935