Your submission was sent successfully! Close

CVE-2018-20750

Published: 30 January 2019

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
italc
Launchpad, Ubuntu, Debian
bionic
Released (1:3.0.3+dfsg1-3ubuntu0.1)
focal Does not exist

precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (1:3.0.3+dfsg1-1+deb9u1, 1:2.0.2+dfsg1-2+deb8u1)
xenial
Released (1:2.0.2+dfsg1-4ubuntu0.1)
libvncserver
Launchpad, Ubuntu, Debian
bionic
Released (0.9.11+dfsg-1ubuntu1.1)
cosmic
Released (0.9.11+dfsg-1.1ubuntu0.1)
disco Not vulnerable
(0.9.11+dfsg-1.3)
focal Not vulnerable
(0.9.11+dfsg-1.3)
precise Does not exist

trusty Does not exist
(trusty was released [0.9.9+dfsg-1ubuntu1.4])
upstream
Released (0.9.11+dfsg-1.3)
xenial
Released (0.9.10+dfsg-3ubuntu0.16.04.3)
Patches:
upstream: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
x11vnc
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(uses shared libvnc)
cosmic Ignored
(reached end-of-life)
disco Not vulnerable
(uses shared libvnc)
focal Not vulnerable
(uses shared libvnc)
precise Does not exist

trusty Not vulnerable
(uses shared libvnc)
upstream Needs triage

xenial Not vulnerable
(uses shared libvnc)