CVE-2016-9941: Heap-based buffer overflow in rfbproto.c Heap-based buffer overflow in rfbproto.c was found in LibVNCClient in LibVNCServer before 0.9.11 that allows remote servers to cause a denial of service or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. Fixed In Version libvncserver 0.9.11 Reference Patch CVE-2016-9942: Heap-based buffer overflow in ultra.c Heap-based buffer overflow was found in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 that allows remote servers to cause a denial of service or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. Fixed In Version libvncserver 0.9.11 Reference Patch