Solardiz

**Name of the Vulnerable Software and Affected Versions** LibVNC/vncterm versions through 0.9.10 **Description** An issue was discovered in the `vcSetXCutTextProc()` function in VNConsole.c, potentially causing integer overflow or unspecified other impact due to missing sanitization of the client-specified message length. This could be exploited via a specially crafted VNC packet. **Recommendations** For versions through 0.9.10, consider restricting access to the `vcSetXCutTextProc()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.