LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains a heap use-after-free vulnerability in the server code of the file transfer extension that can result in remote code execution.

External Reference: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/

Upstream Patch: https://github.com/LibVNC/libvncserver/commit/ca2a5ac02fbbadd0a21fabba779c1ea69173d10b
Created libvncserver tracking bugs for this issue:
Affects: epel-7 [bug 1661138]
Affects: fedora-all [bug 1661137]
Upstream Issue: https://github.com/LibVNC/libvncserver/issues/241
Reference: https://seclists.org/oss-sec/2018/q4/212
Statement: This issue did not affect the versions of libvncserver as shipped with Red Hat Enterprise Linux 6 and 7, as they did not include support for tightvnc file transfer.