LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. Upstream patch: https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707 Upstream issue: https://github.com/LibVNC/libvncserver/issues/273
Created libvncserver tracking bugs for this issue: Affects: epel-7 [bug 1661116] Affects: fedora-all [bug 1661115]