libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708)
An issue was discovered in libvncserver-0.9.12. There is a divide by zero in the rfbSendRectEncodingRaw function in libvncserver/rfbserver.c. Attackers can launch a denial-of-service attack by sending a special message to the VNC server.
Fixed In Version:
libvncserver 0.9.13
Reference:
- https://github.com/LibVNC/libvncserver/issues/409
- https://security-tracker.debian.org/tracker/CVE-2020-25708
Patch:
https://github.com/LibVNC/libvncserver/commit/673c07a75ed844d74676f3ccdcfdc706a7052dba
Affected branches:
secfixes comment needs update