[3.5] libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)
CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
Heap-based buffer overflow in rfbproto.c was found in LibVNCClient in
LibVNCServer before 0.9.11 that allows remote servers to cause a denial
of service
(application crash) or possibly execute arbitrary code via a crafted
FramebufferUpdate message containing a subrectangle outside of the
client drawing area.
Fixed In Version:
libvncserver 0.9.11
Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9941
Patch:
https://github.com/LibVNC/libvncserver/commit/5418e8007c248bf9668d22a8c1fa9528149b69f2
CVE-2016-9942: Heap-based buffer overflow in ultra.c
Heap-based buffer overflow was found in ultra.c in LibVNCClient in
LibVNCServer before 0.9.11 that allows remote servers to cause a denial
of service (application crash)
or possibly execute arbitrary code via a crafted FramebufferUpdate
message with the Ultra type tile, such that the LZO payload decompressed
length exceeds what is specified by the tile dimensions.
Fixed In Version:
libvncserver 0.9.11
Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9942
Patch:
https://github.com/LibVNC/libvncserver/commit/5fff4353f66427b467eb29e5fdc1da4f2be028bb
(from redmine: issue id 6638, created on 2017-01-06, closed on 2017-01-23)
- Relations:
- parent #6636 (closed)
- Changesets:
- Revision 09e18065 by Sergei Lukin on 2017-01-12T07:55:54Z:
main/libvncserver: security fixes #6638
CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
CVE-2016-9942: Heap-based buffer overflow in ultra.c