View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-7225 severity important: SUSE including 32 source package names (LibVNCServer, LibVNCServer-0.9.1-160.3.1, …), 63 product×package rows across 35 product lines (SUSE Liberty Linux 7, SUSE Linux Enterprise Desktop 12 SP3, … (35 product lines)): Fixed 47, Known Not Affected 16.
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.