An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
[ { "deprecated": false, "source": "https://github.com/libvnc/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af", "signature_type": "Line", "target": { "file": "libvncserver/scale.c" }, "digest": { "line_hashes": [ "248208949429347463031521643800921156886", "267256123706877668341539977664866338222", "69871433148263572302381190377581994547", "163000897568946296525180340287495104796" ], "threshold": 0.9 }, "id": "CVE-2020-14401-b9e34590", "signature_version": "v1" }, { "deprecated": false, "source": "https://github.com/libvnc/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af", "signature_type": "Function", "target": { "file": "libvncserver/scale.c", "function": "rfbScaledScreenUpdateRect" }, "digest": { "length": 3173.0, "function_hash": "285897253734337289413665599072403539224" }, "id": "CVE-2020-14401-f7899987", "signature_version": "v1" } ]