Project

General

Profile

Bug #6636

libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)

Added by Alicha CH over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Start date:
01/06/2017
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:

Description

CVE-2016-9941: Heap-based buffer overflow in rfbproto.c

Heap-based buffer overflow in rfbproto.c was found in LibVNCClient in LibVNCServer before 0.9.11 that allows remote servers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.

Fixed In Version:

libvncserver 0.9.11

Reference:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9941

Patch:

https://github.com/LibVNC/libvncserver/commit/5418e8007c248bf9668d22a8c1fa9528149b69f2

CVE-2016-9942: Heap-based buffer overflow in ultra.c

Heap-based buffer overflow was found in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 that allows remote servers to cause a denial of service (application crash)
or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.

Fixed In Version:

libvncserver 0.9.11

Reference:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9942

Patch:

https://github.com/LibVNC/libvncserver/commit/5fff4353f66427b467eb29e5fdc1da4f2be028bb


Subtasks

Bug #6637: [3.6] libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)Closed

Bug #6638: [3.5] libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)Closed

Bug #6639: [3.4] libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)Closed

Bug #6640: [3.3] libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)Closed

Bug #6641: [3.2] libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)Closed

History

#1 Updated by Alicha CH over 2 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed

Also available in: Atom PDF