Primary

Context

LibVNCServer Heap Buffer Overflow Vulnerability in HandleCursorShape Function Allowing Remote Code Execution

Vulnerability

Patched

A heap buffer overflow vulnerability has been identified in LibVNCServer versions through 0.9.12. The issue arises in the HandleCursorShape() function within libvncclient/cursor.c, where an attacker can send cursor shapes with specially crafted dimensions. This exploitation can lead to remote code execution.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Remediation

Users are advised to update LibVNCServer to version 0.9.12 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

10.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.1

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

10.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.1

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LibVNCServer Heap Buffer Overflow Vulnerability in HandleCursorShape Function Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

LibVNCServer

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating