{"id":"CVE-2020-29074","details":"scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.","modified":"2026-04-16T04:39:58.597399228Z","published":"2020-11-25T23:15:11.300Z","related":["openSUSE-SU-2024:11496-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2FLWSVH32O6JXLRQBYDQLP7XRSTLUPQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MHVXHZE3YIP4RTWGQ24IDBSW44XPRDOC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZL6NQTNK5PT63D2JX5YVV5OLUL76S5C/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00018.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4799"},{"type":"FIX","url":"https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libvnc/x11vnc","events":[{"introduced":"0"},{"last_affected":"4ca006fed80410bd9b061a1519bd5d9366bb0bc8"},{"fixed":"69eeb9f7baa14ca03b16c9de821f9876def7a36a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.16"}]}}],"versions":["0.9.14","0.9.15","0.9.16"],"database_specific":{"vanir_signatures_modified":"2026-04-11T16:25:36Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-29074.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"vanir_signatures":[{"id":"CVE-2020-29074-16496eb1","signature_type":"Line","source":"https://github.com/libvnc/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["56740894291832566308400293842992874083","35125186519063144221375988472889355695","20298482367566999856091248652949110519","126259484339115188972053899482603857563"]},"target":{"file":"src/scan.c"},"deprecated":false},{"id":"CVE-2020-29074-32a2291b","signature_type":"Function","signature_version":"v1","source":"https://github.com/libvnc/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a","digest":{"length":2481,"function_hash":"105144691058749000443747703101666032586"},"deprecated":false,"target":{"file":"src/scan.c","function":"shm_create"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}