Several vulnerabilities have been discovered in libVNC (libvncserver Debian package), an
implemenantation of the VNC server and client protocol.
libvncclient/sockets.c in LibVNCServer had a buffer overflow via a
long socket filename.
libvncserver/rfbregion.c had a NULL pointer dereference.
Byte-aligned data was accessed through uint32_t pointers in
Byte-aligned data was accessed through uint16_t pointers in
libvncserver/scale.c had a pixel_value integer overflow.
libvncserver/corre.c allowed out-of-bounds access via encodings.
libvncserver/hextile.c allowed out-of-bounds access via encodings.
libvncserver/rre.c allowed out-of-bounds access via encodings.
libvncclient/rfbproto.c does not limit TextChat size.