CVE-2018-7226

Name of the Vulnerable Software and Affected Versions LibVNC/vncterm versions through 0.9.10

Description An issue was discovered in the vcSetXCutTextProc() function in VNConsole.c, potentially causing integer overflow or unspecified other impact due to missing sanitization of the client-specified message length. This could be exploited via a specially crafted VNC packet.

Recommendations For versions through 0.9.10, consider restricting access to the vcSetXCutTextProc() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.