{"id":"CVE-2020-14397","details":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.","modified":"2026-04-15T23:59:15.874828329Z","published":"2020-06-17T16:15:11.773Z","related":["ALSA-2021:1811","SUSE-SU-2020:14424-1","SUSE-SU-2020:1922-1","SUSE-SU-2020:2167-1","openSUSE-SU-2020:0988-1","openSUSE-SU-2020:1025-1","openSUSE-SU-2020:1056-1","openSUSE-SU-2024:10598-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"},{"type":"ADVISORY","url":"https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0"},{"type":"ADVISORY","url":"https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4434-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4573-1/"},{"type":"FIX","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"},{"type":"FIX","url":"https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libvnc/libvncserver","events":[{"introduced":"0"},{"fixed":"38e98ee61d74f5f5ab4aa4c77146faad1962d6d0"}]}],"versions":["LibVNCServer-0.9.10","LibVNCServer-0.9.11","LibVNCServer-0.9.12","LibVNCServer-0.9.8","LibVNCServer-0.9.9","X11VNC_0_9_10","X11VNC_0_9_11","X11VNC_0_9_12","X11VNC_0_9_7","X11VNC_0_9_8","X11VNC_0_9_9","X11VNC_REL_0_9_4","X11VNC_REL_0_9_5","X11VNC_REL_0_9_6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14397.json","vanir_signatures":[{"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","target":{"file":"libvncserver/rfbserver.c","function":"rfbClientIteratorNext"},"digest":{"function_hash":"297202612131400419264101244022029335570","length":564},"signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2020-14397-57138274"},{"target":{"file":"libvncserver/rfbregion.c","function":"sraSpanRemove"},"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","digest":{"function_hash":"35943597304556728290599649561873686848","length":129},"signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2020-14397-62fecc1c"},{"target":{"file":"libvncserver/rfbregion.c","function":"sraSpanInsertBefore"},"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","digest":{"function_hash":"13375577804589520980869365028992005452","length":177},"signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2020-14397-7db584a1"},{"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","target":{"file":"libvncserver/rfbregion.c","function":"sraSpanInsertAfter"},"digest":{"function_hash":"308180803968003756632479985064601731480","length":177},"signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2020-14397-b286e04f"},{"signature_type":"Line","target":{"file":"libvncserver/rfbregion.c"},"digest":{"threshold":0.9,"line_hashes":["129789622784888703049761371788375090829","192021373110556373924439968139735438884","61072920218535349534747548085317793870","290028638275504518166892205271637573622","309529031156275530272242272036928506489","63814239015190438186515325761625769582","305345191105789934771957096566624699162","164856137291477852452065722557293518470","258276280196864558935373940393721172142","260530719255116134297278517836890348386","219211903808393606215952572397156439919","164379770128048257586355656012362062922","49864376157076557018843636422687187024","326415775950170687086498577993376834425","176015776013475282985826867223578781969","188226683699824686304425512567088681309","87338811101464322177305173082397686098","338038670024466485237077130119798763896","200654883490875339150761829742367690988"]},"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","signature_version":"v1","deprecated":false,"id":"CVE-2020-14397-c6e68006"},{"target":{"file":"libvncserver/rfbserver.c"},"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","digest":{"threshold":0.9,"line_hashes":["188611924461224704302489486341034162652","45100662802048171843781279201327666989","228183687346468758546468784391674645379","112246271884870165818073004635834463683","322962774470696617483175220566020184863","276446598387385854228408982083396903462","318670290681636359680857980044567325665","28880945584438269491008089576739099616"]},"signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2020-14397-dcee1ebf"},{"signature_type":"Function","target":{"file":"libvncserver/rfbserver.c","function":"rfbReleaseClientIterator"},"digest":{"function_hash":"57427340694778193739664377224873694190","length":105},"source":"https://github.com/libvnc/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0","signature_version":"v1","deprecated":false,"id":"CVE-2020-14397-ddcdae11"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}