LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution. External Reference: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/ Upstream Patch: https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
Created libvncserver tracking bugs for this issue: Affects: epel-7 [bug 1661119] Affects: fedora-all [bug 1661118]
Upstream Issue: https://github.com/LibVNC/libvncserver/issues/250