Integer Overflow and Buffer Overflow in LibVNCServer Affects Multiple Platforms
CVE-2019-20788

9.8CRITICAL

Key Information:

Vendor
Libvnc Project
Status
Libvncserver
Vendor
CVE Published:
23 April 2020

Summary

The HandleCursorShape function in the cursor.c file of LibVNCServer versions prior to 0.9.12 is susceptible to an integer overflow and heap-based buffer overflow, which can occur when handling large height or width values. This vulnerability may potentially allow an attacker to execute arbitrary code or cause a denial of service by crafting malicious VNC messages. Developers and users are advised to update to patched versions to mitigate these risks. Note that this vulnerability may have implications overlapping with another identified issue.

References

https://github.com/LibVNC/libvncserver/commit/54220248886...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE
https://usn.ubuntu.com/4407-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.