At RealVNC, we take pride in our security position and believe in full transparency regarding the security of our software.
We recommend customers run the latest versions of VNC Viewer and VNC Server, available from https://www.realvnc.com/en/connect/download/vnc/, to maximise the security of their RealVNC deployment.
Below is a complete list of security issues which have affected RealVNC software.
CVE-2022-27502 (No remote threat, local access required)
A vulnerability was discovered in RealVNC VNC Server installations on Windows when running MSI repair, which can lead to a local user privilege escalation. This affects RealVNC VNC Server versions 5.1.0 - 6.9.0 on Windows and the issue is fixed in VNC Server 6.9.1.
Internally identified (No remote threat, local access required)
RealVNC VNC Server has a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local users to escalate user privileges on Linux and potentially macOS. This affects RealVNC VNC Server versions 5.0.6 – 6.8.0 and the issue has been fixed in VNC Server 6.9.0. RealVNC VNC Server on Windows and VNC Viewer are not affected.
CVE-2013-6886 (No remote threat, local access required)
VNC 5.0.6 allows local users to execute arbitrary code as root, through passing a maliciously crafted argument vector to the vncserver (Mac) and vncserver-x11/Xvnc (Linux, Solaris, AIX, HP-UX) setuid-root helpers. The vulnerability affects VNC 5.0.6 only, and is fixed in VNC 5.0.7. VNC 5.1.0 and later are not affected. VNC on Windows is not affected.
CVE-2008-4770 (Moderate — only affects VNC Viewer)
The CMsgReader::readRect function in VNC Viewer provided with VNC Free Edition 4.0 through 4.1.2, VNC Enterprise Edition 4.0 through 4.4.2, and VNC Personal Edition 4.0 through 4.4.2 allows a remote VNC Server to execute arbitrary code via crafted RFB protocol data, related to encoding type.
CVE-2008-3493 (Not severe — only affects VNC Viewer)
VNC Viewer 126.96.36.199 allows a remote VNC Server to cause a denial of service (application crash) via a crafted framebuffer update packet.
VNC Enterprise Edition 4.1.1, and other products that embed RealVNC such as AdderLink IP and Cisco CallManager, allow remote attackers to bypass authentication via a request in which a client specifies an insecure security type (for example, "Type 1 - None") that is accepted even if it is not offered by VNC Server, as originally demonstrated using a long password.
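The server-side check this issue turns on, shown as an added example that is not RealVNC's code: the flawed pattern accepts any security type the implementation knows, while the hardened pattern accepts only a type that was actually offered. Function names are hypothetical; the message layouts and type numbers assume RFB 3.8 as described in RFC 6143.

```python
import struct

# RFB security type numbers (RFC 6143, section 7.1.2)
SEC_NONE = 1       # "Type 1 - None": no authentication
SEC_VNC_AUTH = 2   # VNC Authentication (challenge/response)

def offer_message(offered):
    """Server -> client: one count byte, then one byte per offered type."""
    return bytes([len(offered)]) + bytes(offered)

def failure_message(reason):
    """SecurityResult 'failed' (1) plus a length-prefixed reason string."""
    text = reason.encode("ascii")
    return struct.pack(">II", 1, len(text)) + text

def select_lenient(offered, client_reply):
    """Flawed pattern: accepts any type the code knows how to handle,
    without comparing it against what this server offered."""
    chosen = client_reply[0]
    if chosen in (SEC_NONE, SEC_VNC_AUTH):
        return chosen, b""
    return None, failure_message("unknown security type")

def select_strict(offered, client_reply):
    """Hardened pattern: the reply must be exactly one byte and must be
    a member of the list sent in offer_message()."""
    if len(client_reply) != 1:
        return None, failure_message("malformed security type selection")
    chosen = client_reply[0]
    if chosen not in offered:
        # Worth logging: a compliant viewer never selects an unoffered type.
        return None, failure_message("security type not offered")
    return chosen, b""

if __name__ == "__main__":
    offered = [SEC_VNC_AUTH]   # constructed config: password auth only
    reply = bytes([SEC_NONE])  # constructed client reply selecting "None"
    print("offer  :", offer_message(offered).hex())
    print("lenient:", select_lenient(offered, reply))
    print("strict :", select_strict(offered, reply))
```

A `None` first element from `select_strict` means the connection should be closed after sending the returned failure message.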
CVE-2004-1750 (Not severe — only affects VNC Server)
VNC Enterprise Edition 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900.
If you come across a security issue with VNC that is not listed above, please contact us via our Help Center.