LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835 (Infinite Loop) vulnerability in the VNC client code. The vulnerability allows an attacker to consume an excessive amount of resources, such as CPU and RAM.

External Reference: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/

Upstream Patch: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c

Created libvncserver tracking bugs for this issue:

Affects: epel-7 [bug 1661122]
Affects: fedora-all [bug 1661121]

Upstream Issue: https://github.com/LibVNC/libvncserver/issues/251
I suspect that this was introduced by https://github.com/LibVNC/libvncserver/commit/79d938c16bf7a14b6d6ee290bcfef3c01f9c4f02 - which fixed a divbyzero.