LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. These issues remain because the fix for CVE-2018-20019 was incomplete.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20748.json"
[
{
"id": "CVE-2018-20748-08854b13",
"target": {
"function": "HandleRFBServerMessage",
"file": "libvncclient/rfbproto.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/libvnc/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a",
"digest": {
"function_hash": "12073792519026169399055785631219693532",
"length": 15576.0
},
"signature_type": "Function"
},
{
"id": "CVE-2018-20748-0b22567d",
"target": {
"file": "libvncclient/rfbproto.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/libvnc/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"270509393327960365748685557792116831529",
"339080614919184849562659400147945780071",
"64130665682880843821983036439133378936"
]
},
"signature_type": "Line"
}
]