An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.

Upstream commit: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
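
The access pattern described above, as an added C example that is not taken from LibVNCServer or its upstream fix: it contrasts the cast through a `uint32_t` pointer with an alignment-safe, bounds-checked read. The function names, the "one type byte plus 32-bit length" header layout and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Pattern to avoid (shown for contrast, not compiled): casting a byte
 * pointer to uint32_t* is undefined behaviour in C when the address is not
 * suitably aligned, and can fault on strict-alignment CPUs.
 *
 *     uint32_t v = *(const uint32_t *)(buf + off);
 */

/* Alignment-safe read of a big-endian 32-bit value at any byte offset.
 * Returns 0 on success, -1 if the read would run past the buffer. */
int read_be32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    uint8_t b[4];

    if (off > len || len - off < sizeof b)
        return -1;
    memcpy(b, buf + off, sizeof b);   /* byte copy: no alignment requirement */
    *out = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
    return 0;
}

/* Constructed sample, not a real RFB capture: one type byte followed by a
 * 32-bit length, so the length field starts at odd offset 1. */
static const uint8_t sample_msg[] = { 0x03, 0x00, 0x00, 0x01, 0x2c, 0xaa };

/* Parse the hypothetical "type + length" header from a byte buffer. */
int parse_header(const uint8_t *buf, size_t len,
                 uint8_t *type, uint32_t *length)
{
    if (len < 1)
        return -1;
    *type = buf[0];
    return read_be32(buf, len, 1, length);
}
```

Building existing code with `-fsanitize=alignment` (GCC or Clang) reports misaligned loads of the cast form at run time, which helps locate remaining instances of the pattern.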
Created libvncserver tracking bugs for this issue:

Affects: epel-7 [bug 1860355]
Affects: fedora-all [bug 1860356]
This bug seems to be much more a reliability issue than a security one.
After speaking with upstream, I'm going to set this as not a security issue because there is no known path of exploitation or trust boundary crossing.
Statement: This flaw does not affect versions of vino shipped with Red Hat Enterprise Linux 6, 7, or 8 because vino does not ship the libvncclient. Additionally, Red Hat Product Security does not consider this to be a security vulnerability because no trust boundary is crossed and there is no known path of exploitation. This is a standard software reliability bug.
Filed:

https://bugzilla.redhat.com/show_bug.cgi?id=1861883 - RHEL8
https://bugzilla.redhat.com/show_bug.cgi?id=1861879 - RHEL7