VulnerableCode Package Details - pkg:deb/ubuntu/vino@3.22.0-5ubuntu2.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-k3m4-tbee-aaar Aliases: CVE-2020-25708	A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.	3.22.0-5ubuntu2.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-k3m4-tbee-aaar
Aliases:
CVE-2020-25708

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.

3.22.0-5ubuntu2.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9v5m-a7zv-aaab	The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.	CVE-2014-6053
VCID-h93x-nurh-aaaj	An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.	CVE-2018-7225
VCID-pnk6-ygur-aaac	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.	CVE-2020-14403
VCID-tnv1-3t49-aaam	LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.	CVE-2019-15681
VCID-ug7x-edut-aaab	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.	CVE-2020-14404
VCID-vw2e-eqq7-aaap	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.	CVE-2020-14397
VCID-zd9h-ppfr-aaae	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.	CVE-2020-14402

Vulnerability

Summary

Aliases

VCID-9v5m-a7zv-aaab

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.

CVE-2014-6053

VCID-h93x-nurh-aaaj

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

CVE-2018-7225

VCID-pnk6-ygur-aaac

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.

CVE-2020-14403

VCID-tnv1-3t49-aaam

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

CVE-2019-15681

VCID-ug7x-edut-aaab

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.

CVE-2020-14404

VCID-vw2e-eqq7-aaap

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.

CVE-2020-14397

VCID-zd9h-ppfr-aaae

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.

CVE-2020-14402

Next non-vulnerable version	3.22.0-5ubuntu2.2
Latest non-vulnerable version	3.22.0-5ubuntu2.2
Risk	3.4