libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
Created libvncserver tracking bugs for this issue:
Affects: epel-7 [bug 1849879]
Affects: fedora-all [bug 1849878]
This is only an issue if the "ConnectClientToUnixSock()" function is used directly with an overly long socket name. It's more common that the "ConnectToRFBServer()" function is used, which would prevent exploiting this flaw as it performs additional checks. Additionally, the buffer overflow is caught by compiled-in buffer overflow checks, limiting the impact to a crash.