libvncserver: Multiple vulnerabilities (CVE-2019-20839, CVE-2019-20840, CVE-2020-14397, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405)
CVE-2019-20839
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-20839
Patch:
https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
CVE-2019-20840
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-20840
Patch:
https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76
CVE-2020-14397
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-14397
Patch:
https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
CVE-2020-14399
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-14399
Patch:
https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
CVE-2020-14400
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-14400
Patch:
https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d
CVE-2020-14401
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-14401
Patch:
https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af
CVE-2020-14402
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-14402
Patch:
https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14403
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-14403
Patch:
https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14404
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-14404
Patch:
https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14405
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-14405
Patch:
https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365