[3.4] libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c ((CVE-2018-7225)
An issue was discovered in LibVNCServer through 0.9.11.
rfbProcessClientNormalMessage() in rfbserver.c does not sanitize
msg.cct.length, leading to access
to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
(from redmine: issue id 8561, created on 2018-02-23, closed on 2018-08-08)
- parent #8556 (closed)