LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. Upstream patch: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec Upstream issue: https://github.com/LibVNC/libvncserver/issues/273
Created libvncserver tracking bugs for this issue: Affects: epel-7 [bug 1661116] Affects: fedora-all [bug 1661115]