VDB
DEBIAN-CVE-2018-7225
DEBIAN-CVE-2018-7225
PUBLISHED
CVSS 9.800000190734863 CRITICAL
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
Risk Scores
CVSS v3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | tightvnc | 0, 0, 0 |
| Debian:11 | vino | 0, 0, 0 |
| Debian:11 | libvncserver | 0, 0, 0 |
| Debian:14 | tightvnc | 0, 0, 0 |
| Debian:12 | tightvnc | 0, 0, 0 |
| Debian:11 | tightvnc | 0, 0, 0 |
| Debian:14 | libvncserver | 0, 0, 0 |
| Debian:12 | vino | 0, 0, 0 |
| Debian:13 | libvncserver | 0, 0, 0 |
| Debian:12 | libvncserver | 0, 0, 0 |
Timeline
- Feb 19, 2018 CVE Published
- Apr 28, 2026 CVE Updated