libvncserver_project

libvncserver

10 known vulnerabilities · sorted by CVSS score

CVE-2017-18922

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

libvncserver_project / libvncserver+14

Network

Published Jun 30, 2020

CVE-2018-7225

CRITICAL9.8

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

libvncserver_project / libvncserver+13

Network

Published Feb 19, 2018

CVE-2026-32853

HIGH8.1

LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer.

libvncserver_project / libvncserver

Network

Published Mar 24, 2026

CVE-2026-32854

HIGH7.5

LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.

libvncserver_project / libvncserver

Network

Published Mar 24, 2026

CVE-2010-5304

HIGH7.5

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

libvncserver_project / libvncserver+3

Network

Published Feb 5, 2020

CVE-2020-14399

HIGH7.5

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed.

libvncserver_project / libvncserver+7

Network

Published Jun 17, 2020

CVE-2020-25708

HIGH7.5

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.

libvncserver_project / libvncserver+4

Network

Published Nov 27, 2020

CVE-2020-14400

HIGH7.5

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary

libvncserver_project / libvncserver+7

Network

Published Jun 17, 2020

CVE-2020-29260

HIGH7.5

libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().

libvncserver_project / libvncserver+1

Network

Published Sep 2, 2022

CVE-2020-14401

MEDIUM6.5

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.

libvncserver_project / libvncserver+10

Network

Published Jun 17, 2020