VulnerableCode Package Details - pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3%2Bdeb10u4

Search for packages

Package details: pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3%2Bdeb10u4

Essentials
History (21)

purl	pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3%2Bdeb10u4

Next non-vulnerable version	0.9.13+dfsg-2+deb11u1
Latest non-vulnerable version	0.9.13+dfsg-2+deb11u1
Risk	4.4

Vulnerabilities affecting this package (18)

Vulnerability	Summary	Fixed by
VCID-1mc5-8kc9-r7fh Aliases: CVE-2019-20840	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-21gw-wymt-j3gb Aliases: CVE-2020-14403	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-2anm-wxtf-ubgq Aliases: CVE-2020-25708	A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-34tt-yamf-xbdy Aliases: CVE-2017-18922	It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-3qks-1d5s-u7a8 Aliases: CVE-2020-14398	An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-66b8-2ss6-wkgz Aliases: CVE-2020-14402	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-7azw-g7z2-pkdu Aliases: CVE-2020-14400	An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-7xhu-p1a5-qbg1 Aliases: CVE-2020-14404	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-9gdb-hqgj-jfcm Aliases: CVE-2019-15690	LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-ak8c-schu-zfe3 Aliases: CVE-2019-20839	libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-amtn-98yp-s3d3 Aliases: CVE-2020-14399	An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-ftsu-ebmx-dufv Aliases: CVE-2020-14401	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-jhre-6uje-5kbc Aliases: CVE-2020-14405	An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-mxf4-fbu7-t7ga Aliases: CVE-2020-29260	libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-t53m-423e-p7dv Aliases: CVE-2019-20788	libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-tbqp-mj6s-17ha Aliases: CVE-2020-14397	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-vjz6-kw2t-cucm Aliases: CVE-2019-15681	LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.
VCID-z1m2-xav4-hbgg Aliases: CVE-2020-14396	An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.	0.9.13+dfsg-2+deb11u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-221d-v1d2-kqhh	LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.	CVE-2018-20748
VCID-srhc-1ujp-57ay	LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.	CVE-2018-20750
VCID-v15x-cjwj-fkcb	LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.	CVE-2018-20749

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:29:09.019776+00:00	Debian Oval Importer	Affected by	VCID-amtn-98yp-s3d3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:53:17.937967+00:00	Debian Oval Importer	Fixing	VCID-v15x-cjwj-fkcb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:41:34.869589+00:00	Debian Oval Importer	Affected by	VCID-vjz6-kw2t-cucm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:36:18.181257+00:00	Debian Oval Importer	Fixing	VCID-srhc-1ujp-57ay	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:26:36.009683+00:00	Debian Oval Importer	Affected by	VCID-34tt-yamf-xbdy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:30:05.901826+00:00	Debian Oval Importer	Affected by	VCID-3qks-1d5s-u7a8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:29:35.611498+00:00	Debian Oval Importer	Affected by	VCID-7xhu-p1a5-qbg1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:07:54.078587+00:00	Debian Oval Importer	Affected by	VCID-1mc5-8kc9-r7fh	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:01:36.473259+00:00	Debian Oval Importer	Affected by	VCID-2anm-wxtf-ubgq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:51:23.315205+00:00	Debian Oval Importer	Affected by	VCID-21gw-wymt-j3gb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:42:42.906337+00:00	Debian Oval Importer	Affected by	VCID-66b8-2ss6-wkgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:57:43.915193+00:00	Debian Oval Importer	Affected by	VCID-z1m2-xav4-hbgg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:30:01.730091+00:00	Debian Oval Importer	Affected by	VCID-jhre-6uje-5kbc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:22:22.811974+00:00	Debian Oval Importer	Affected by	VCID-tbqp-mj6s-17ha	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:47:30.774065+00:00	Debian Oval Importer	Affected by	VCID-t53m-423e-p7dv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:35:58.485742+00:00	Debian Oval Importer	Affected by	VCID-7azw-g7z2-pkdu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:17:18.760224+00:00	Debian Oval Importer	Affected by	VCID-ak8c-schu-zfe3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:04:44.006275+00:00	Debian Oval Importer	Affected by	VCID-9gdb-hqgj-jfcm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:51:49.252958+00:00	Debian Oval Importer	Affected by	VCID-ftsu-ebmx-dufv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:46:19.775601+00:00	Debian Oval Importer	Affected by	VCID-mxf4-fbu7-t7ga	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:55:22.537866+00:00	Debian Oval Importer	Fixing	VCID-221d-v1d2-kqhh	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0