Vulnerability CVE-2020-14401: Information
Description
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libvncserver | sisyphus | 0.9.13-alt1 | 0.9.14-alt1 | ALT-PU-2020-2671-1 | 256807 | Fixed |
libvncserver | p10 | 0.9.13-alt1 | 0.9.14-alt1 | ALT-PU-2020-2671-1 | 256807 | Fixed |
libvncserver | p9 | 0.9.13-alt1 | 0.9.13-alt1 | ALT-PU-2020-2694-1 | 256808 | Fixed |
libvncserver | c10f1 | 0.9.13-alt1 | 0.9.13-alt3 | ALT-PU-2020-2671-1 | 256807 | Fixed |
libvncserver | c9f2 | 0.9.13-alt1 | 0.9.13-alt3 | ALT-PU-2020-2694-1 | 256808 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af |
|
https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 |
|
[debian-lts-announce] 20200630 [SECURITY] [DLA 2264-1] libvncserver security update |
|
openSUSE-SU-2020:0988 |
|
openSUSE-SU-2020:1025 |
|
openSUSE-SU-2020:1056 |
|
USN-4434-1 |
|
[debian-lts-announce] 20200828 [SECURITY] [DLA 2347-1] libvncserver security update |
|
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf |
|