VDB

ALPINE-CVE-2018-7225

ALPINE-CVE-2018-7225 PUBLISHED CVSS 9.800000190734863 CRITICAL

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

Risk Scores

CVSS 3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.5libvncserver0, 0, 0.9.10-r2
Alpine:v3.8libvncserver0.9.11-r1, 0.9.11-r0, 0.9.10-r1
Alpine:v3.7libvncserver0.9.10-r1, 0, 0.9.10-r0
Alpine:v3.6libvncserver0.9.10-r0, 0.9.10-r1, 0.9.11-r0
Alpine:v3.10libvncserver0, 0.9.11-r1, 0.9.11-r0
Alpine:v3.11libvncserver0.9.11-r1, 0, 0.9.11-r1
Alpine:v3.9libvncserver0, 0.9.10-r0, 0.9.10-r1

Timeline

  • Feb 19, 2018 CVE Published
  • Nov 19, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›