CVE-2020-14400
https://notcve.org/view.php?id=CVE-2020-14400
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary ** EN DISPUTA ** Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. Los datos Byte-aligned son accedidos por medio de punteros uint16_t en la biblioteca libvncserver/translate.c. NOTA: Los terceros no consideran que se trate de una vulnerabilidad, ya que no se conoce el camino de la explotación o el cruce de un límite de confianza • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html https://bugzilla.redhat.com/show_bug.cgi?id=1860361 https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://lists.debian.org/debian-lts-announce/2020/06/msg000 •
CVE-2020-14401
https://notcve.org/view.php?id=CVE-2020-14401
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/scale.c presenta un desbordamiento de enteros en la función pixel_value • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://lists.debian.org/debian-lts-announce/2020 • CWE-190: Integer Overflow or Wraparound •
CVE-2020-14402
https://notcve.org/view.php?id=CVE-2020-14402
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/corre.c permite un acceso fuera de límites por medio de codificaciones • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://lists.debian.org/debian-lts-announce/2020 • CWE-787: Out-of-bounds Write •
CVE-2020-14403
https://notcve.org/view.php?id=CVE-2020-14403
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. Se detectó un problema en LibVNCServer versiones anteriores a 0.9.13. La biblioteca libvncserver/hextile.c permite un acceso fuera de límites por medio de codificaciones • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html https://usn.ubuntu.com/4434-1 https://usn.ubuntu.com/4573-1 • CWE-787: Out-of-bounds Write •
CVE-2019-20839 – libvncserver: buffer overflow in ConnectClientToUnixSock()
https://notcve.org/view.php?id=CVE-2019-20839
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. La biblioteca libvncclient/sockets.c en LibVNCServer versiones anteriores a 0.9.13, presenta un desbordamiento de búfer por medio de un nombre de archivo socket largo • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1 https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://lists.debian.org/debian-lts-announce/2020 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •