{"id":"MGASA-2018-0198","summary":"Updated libvncserver packages fix security vulnerability","details":"An issue was discovered in LibVNCServer through 0.9.11.\nrfbProcessClientNormalMessage() in rfbserver.c does not sanitize\nmsg.cct.length, leading to access to uninitialized and potentially\nsensitive data or possibly unspecified other impact (e.g., an integer\noverflow) via specially crafted VNC packets (CVE-2018-7225).\n","modified":"2026-02-04T03:03:41.492661Z","published":"2018-04-08T21:37:49Z","related":["CVE-2018-7225"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0198.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22847"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YYNK6ZTW4QSUNWBL3YCZXRC3QMHW7FZK/"}],"affected":[{"package":{"name":"libvncserver","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libvncserver?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.10-1.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0198.json"}},{"package":{"name":"libvncserver","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libvncserver?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.11-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0198.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}