{"id":"CVE-2020-14397","details":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.","modified":"2026-04-16T04:36:00.453138449Z","published":"2020-06-17T16:15:11.773Z","related":["ALSA-2021:1811","SUSE-SU-2020:14424-1","SUSE-SU-2020:1922-1","SUSE-SU-2020:2167-1","openSUSE-SU-2020:0988-1","openSUSE-SU-2020:1025-1","openSUSE-SU-2020:1056-1","openSUSE-SU-2024:10598-1"],"references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/4434-1/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html"},{"type":"ADVISORY","url":"https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4573-1/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html"},{"type":"FIX","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"},{"type":"FIX","url":"https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libvnc/libvncserver","events":[{"introduced":"0"},{"last_affected":"0a70095271d845d16a3ed17354841b01f33963ad"},{"fixed":"38e98ee61d74f5f5ab4aa4c77146faad1962d6d0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.12"}]}}],"versions":["LibVNCServer-0.9.10","LibVNCServer-0.9.11","LibVNCServer-0.9.12","LibVNCServer-0.9.8","LibVNCServer-0.9.9","X11VNC_0_9_10","X11VNC_0_9_11","X11VNC_0_9_12","X11VNC_0_9_7","X11VNC_0_9_8","X11VNC_0_9_9","X11VNC_REL_0_9_4","X11VNC_REL_0_9_5","X11VNC_REL_0_9_6"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"3.0.0.0"},{"fixed":"3.2.1.0"}]},{"events":[{"introduced":"3.0.0.0"},{"fixed":"3.2.1.0"}]},{"events":[{"introduced":"3.0.0.0"},{"fixed":"3.2.1.0"}]},{"events":[{"introduced":"3.0.0.0"},{"fixed":"3.2.1.0"}]},{"events":[{"introduced":"3.0.0.0"},{"fixed":"3.2.1.0"}]},{"events":[{"introduced":"3.0.0.0"},{"fixed":"3.2.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.2"}]}],"vanir_signatures_modified":"2026-04-11T21:19:52Z","vanir_signatures":[{"signature_version":"v1","id":"CVE-2020-14397-57138274","digest":{"length":564,"function_hash":"297202612131400419264101244022029335570"},"target":{"file":"libvncserver/rfbserver.c","function":"rfbClientIteratorNext"},"deprecated":false,"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","signature_type":"Function"},{"signature_version":"v1","id":"CVE-2020-14397-62fecc1c","digest":{"length":129,"function_hash":"35943597304556728290599649561873686848"},"target":{"file":"libvncserver/rfbregion.c","function":"sraSpanRemove"},"deprecated":false,"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","signature_type":"Function"},{"signature_version":"v1","target":{"file":"libvncserver/rfbregion.c","function":"sraSpanInsertBefore"},"digest":{"length":177,"function_hash":"13375577804589520980869365028992005452"},"id":"CVE-2020-14397-7db584a1","deprecated":false,"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","signature_type":"Function"},{"signature_version":"v1","id":"CVE-2020-14397-b286e04f","digest":{"length":177,"function_hash":"308180803968003756632479985064601731480"},"target":{"file":"libvncserver/rfbregion.c","function":"sraSpanInsertAfter"},"deprecated":false,"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","signature_type":"Function"},{"signature_version":"v1","id":"CVE-2020-14397-c6e68006","digest":{"line_hashes":["129789622784888703049761371788375090829","192021373110556373924439968139735438884","61072920218535349534747548085317793870","290028638275504518166892205271637573622","309529031156275530272242272036928506489","63814239015190438186515325761625769582","305345191105789934771957096566624699162","164856137291477852452065722557293518470","258276280196864558935373940393721172142","260530719255116134297278517836890348386","219211903808393606215952572397156439919","164379770128048257586355656012362062922","49864376157076557018843636422687187024","326415775950170687086498577993376834425","176015776013475282985826867223578781969","188226683699824686304425512567088681309","87338811101464322177305173082397686098","338038670024466485237077130119798763896","200654883490875339150761829742367690988"],"threshold":0.9},"target":{"file":"libvncserver/rfbregion.c"},"deprecated":false,"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","signature_type":"Line"},{"signature_version":"v1","target":{"file":"libvncserver/rfbserver.c"},"digest":{"line_hashes":["188611924461224704302489486341034162652","45100662802048171843781279201327666989","228183687346468758546468784391674645379","112246271884870165818073004635834463683","322962774470696617483175220566020184863","276446598387385854228408982083396903462","318670290681636359680857980044567325665","28880945584438269491008089576739099616"],"threshold":0.9},"id":"CVE-2020-14397-dcee1ebf","deprecated":false,"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","signature_type":"Line"},{"signature_version":"v1","id":"CVE-2020-14397-ddcdae11","digest":{"length":105,"function_hash":"57427340694778193739664377224873694190"},"target":{"file":"libvncserver/rfbserver.c","function":"rfbReleaseClientIterator"},"deprecated":false,"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14397.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}