Package details: pkg:deb/ubuntu/libvncserver@0.9.12%2Bdfsg-9ubuntu0.2
purl pkg:deb/ubuntu/libvncserver@0.9.12%2Bdfsg-9ubuntu0.2
Next non-vulnerable version 0.9.12+dfsg-9ubuntu0.3
Latest non-vulnerable version 0.9.12+dfsg-9ubuntu0.3
Risk 3.4
Vulnerabilities affecting this package (1)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-k3m4-tbee-aaar (Aliases: CVE-2020-25708) | A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. | 0.9.12+dfsg-9ubuntu0.3 (Affected by 0 other vulnerabilities.) |
Vulnerabilities fixed by this package (11)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-2yuk-ws73-aaad | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. | CVE-2020-14396 |
| VCID-58u6-hetu-aaac | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | CVE-2019-20839 |
| VCID-dxca-z5tc-aaan | An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. | CVE-2020-14398 |
| VCID-frbk-ddpp-aaag | An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary. | CVE-2020-14400 |
| VCID-pnk6-ygur-aaac | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. | CVE-2020-14403 |
| VCID-rr1x-acxw-aaaj | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. | CVE-2020-14401 |
| VCID-sfbs-7g9d-aaae | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. | CVE-2020-14405 |
| VCID-ug7x-edut-aaab | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. | CVE-2020-14404 |
| VCID-vw2e-eqq7-aaap | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | CVE-2020-14397 |
| VCID-xfj3-nxu6-aaag | An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed." | CVE-2020-14399 |
| VCID-zd9h-ppfr-aaae | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. | CVE-2020-14402 |