Vulnerability CVE-2020-14401: Information

Description

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-14401
Published: June 17, 2020
Modified: March 10, 2022
Error type identifier: CWE-190

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libvncserversisyphus0.9.13-alt10.9.14-alt1ALT-PU-2020-2671-1256807Fixed
libvncserverp100.9.13-alt10.9.14-alt1ALT-PU-2020-2671-1256807Fixed
libvncserverp90.9.13-alt10.9.13-alt1ALT-PU-2020-2694-1256808Fixed
libvncserverc10f10.9.13-alt10.9.13-alt3ALT-PU-2020-2671-1256807Fixed
libvncserverc9f20.9.13-alt10.9.13-alt3ALT-PU-2020-2694-1256808Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af
  • Patch
  • Third Party Advisory
https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13
  • Release Notes
  • Third Party Advisory
[debian-lts-announce] 20200630 [SECURITY] [DLA 2264-1] libvncserver security update
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2020:0988
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2020:1025
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2020:1056
  • Mailing List
  • Third Party Advisory
USN-4434-1
  • Third Party Advisory
[debian-lts-announce] 20200828 [SECURITY] [DLA 2347-1] libvncserver security update
  • Mailing List
  • Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
  • Patch
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:libvncserver_project:libvncserver:*:*:*:*:*:*:*:*
      End excliding
      0.9.13

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
      cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:*

      Configuration 6

      cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:*

      Configuration 7

      cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:*

      Configuration 8

      cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:*

      Configuration 9

      cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top