Ubuntu update for libvncserver



| Updated: 2025-04-23
Risk High
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2019-20839
CVE-2019-20840
CVE-2020-14396
CVE-2020-14397
CVE-2020-14398
CVE-2020-14399
CVE-2020-14400
CVE-2020-14401
CVE-2020-14402
CVE-2020-14403
CVE-2020-14404
CVE-2020-14405
CWE-ID CWE-119
CWE-476
CWE-835
CWE-200
CWE-190
CWE-770
Exploitation vector Network
Public exploit N/A
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

libvncserver1 (Ubuntu package)
Operating systems & Components / Operating system package or component

libvncclient1 (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU29373

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-20839

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary when processing long socket filename in libvncclient/sockets.c in LibVNCServer. A remote attacker can rick the victim to connect to server using a specially crafted configuration file, trigger buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected package libvncserver to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 20.04

libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4434-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU29372

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-20840

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within hybiReadAndDecode() in libvncserver/ws_decode.c. A remote attacker can create a specially crafted request to the affected LibVNCServer installation and crash the service.

Mitigation

Update the affected package libvncserver to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 20.04

libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4434-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU29383

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-14396

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in libvncclient/tls_openssl.c. A remote attacker can trick the victim to connect to a malicious server and perform a denial of service (DoS) attack.

Mitigation

Update the affected package libvncserver to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 20.04

libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4434-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU29382

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-14397

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in libvncserver/rfbregion.c. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package libvncserver to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 20.04

libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4434-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Infinite loop

EUVDB-ID: #VU29381

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-14398

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in libvncclient/sockets.c when closing TCP connections. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package libvncserver to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 20.04

libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4434-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU29380

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-14399

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. A remote authenticated user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package libvncserver to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 20.04

libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4434-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU29379

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-14400

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. A remote authenticated user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package libvncserver to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 20.04

libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4434-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

EUVDB-ID: #VU29378

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-14401

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in libvncserver/scale.c when processing data passed via pixel_value. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package libvncserver to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 20.04

libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4434-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU29377

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-14402

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing encodings in libvncserver/corre.c. A remote attacker can pass specially crafted data to the server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package libvncserver to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 20.04

libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4434-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU29376

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-14403

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing encodings in libvncserver/hextile.c. A remote attacker can pass specially crafted data to the server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package libvncserver to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 20.04

libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4434-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU29375

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-14404

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing encodings in libvncserver/rre.c. A remote attacker can pass specially crafted data to the server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package libvncserver to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 20.04

libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4434-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU29374

Risk: Medium

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-14405

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in libvncclient/rfbproto.c due to LibVNCServer does not limit TextChat size.A remote attacker who controls a malicious VNC server can send large amounts of data to the client application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package libvncserver to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 20.04

libvncserver1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

libvncclient1 (Ubuntu package): before 0.9.10+dfsg-3ubuntu0.16.04.5

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4434-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###