CVE-2019-20788

Published: 23 April 2020

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.

Priority

Cvss 3 Severity Score

9.8

Score breakdown

Status

Package	Release	Status
libvncserver Launchpad, Ubuntu, Debian	bionic	Released (0.9.11+dfsg-1ubuntu1.2)
	eoan	Released (0.9.11+dfsg-1.3ubuntu0.1)
	focal	Not vulnerable
	groovy	Not vulnerable
	hirsute	Not vulnerable
	impish	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Released (0.9.10+dfsg-3ubuntu0.16.04.4)
	Patches: upstream: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed
x11vnc Launchpad, Ubuntu, Debian	bionic	Needs triage
	eoan	Ignored (reached end-of-life)
	focal	Needs triage
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Ignored (reached end-of-life)
	jammy	Needs triage
	kinetic	Needs triage
	precise	Does not exist
	trusty	Needs triage
	upstream	Needs triage
	xenial	Needs triage

Severity score breakdown

Parameter	Value
Base score	9.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›