Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

libvncserver project libvncserver vulnerabilities and exploits

(subscribe to this query)
1000
VMScore

CVE-2016-9941

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer prior to 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the clie...
Libvncserver Project Libvncserver
1000
VMScore

CVE-2016-9942

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer prior to 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payl...
Libvncserver Project Libvncserver 0.9.10
850
VMScore

CVE-2020-29260

libvncclient v0.9.13 exists to contain a memory leak via the function rfbClientCleanup().
Libvncserver Project Libvncserver 0.9.13Debian Debian Linux 10.0
850
VMScore

CVE-2010-5304

A NULL pointer dereference flaw was found in the way LibVNCServer prior to 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.
Libvncserver Project LibvncserverFedoraproject Fedora 19Fedoraproject Fedora 20Fedoraproject Fedora 21
850
VMScore

CVE-2020-25708

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
Libvncserver Project Libvncserver 0.9.12Redhat Enterprise Linux 6.0Redhat Enterprise Linux 7.0Redhat Enterprise Linux 8.0Debian Debian Linux 10.0
850
VMScore

CVE-2020-14399

An issue exists in LibVNCServer prior to 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed.
Libvncserver Project LibvncserverDebian Debian Linux 8.0Debian Debian Linux 9.0Opensuse Leap 15.1Opensuse Leap 15.2Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04
850
VMScore

CVE-2020-14400

An issue exists in LibVNCServer prior to 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary
Libvncserver Project LibvncserverDebian Debian Linux 8.0Debian Debian Linux 9.0Opensuse Leap 15.1Opensuse Leap 15.2Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04
750
VMScore

CVE-2020-14401

An issue exists in LibVNCServer prior to 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
Libvncserver Project LibvncserverDebian Debian Linux 8.0Debian Debian Linux 9.0Opensuse Leap 15.1Opensuse Leap 15.2Siemens Simatic Itc1500 FirmwareSiemens Simatic Itc1500 Pro FirmwareSiemens Simatic Itc1900 FirmwareSiemens Simatic Itc1900 Pro FirmwareSiemens Simatic Itc2200 FirmwareSiemens Simatic Itc2200 Pro Firmware
1000
VMScore

CVE-2017-18922

It exists that websockets.c in LibVNCServer before 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
Libvncserver Project LibvncserverCanonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 19.10Canonical Ubuntu Linux 20.04Opensuse Leap 15.1Opensuse Leap 15.2Fedoraproject Fedora 31Fedoraproject Fedora 32Siemens Simatic Itc1500 FirmwareSiemens Simatic Itc1500 Pro FirmwareSiemens Simatic Itc1900 Firmware
850
VMScore

CVE-2018-20022

LibVNC prior to 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows malicious user to read stack memory and can be abuse for information disclosure. Combined with another vulnerability...
Libvnc Project LibvncserverDebian Debian Linux 8.0Debian Debian Linux 9.0Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 18.10
Preferred Score:
VMScore
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-25291CVE-2025-29358download managervisual bacnet capture toolgolang.org/x/netCVE-2025-1429log injectioncodename065local usersCVE-2025-29359CVE-2025-27363CVE-2025-2104wireless
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook