{"id":"CVE-2018-7226","details":"An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet.","modified":"2026-03-14T01:39:03.876965Z","published":"2018-02-19T17:29:00.267Z","references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201908-05"},{"type":"FIX","url":"https://github.com/LibVNC/vncterm/issues/6"},{"type":"ARTICLE","url":"http://openwall.com/lists/oss-security/2018/02/18/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libvnc/vncterm","events":[{"introduced":"0"},{"last_affected":"254342fe30b3e0735bf0b770ebd9ba1f76b1427e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.10"}]}}],"versions":["0.1","0.9.10"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7226.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}