[3.5] libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)
ID: oval:org.secpod.oval:def:1800131 | Date: (C)2018-03-28 (M)2022-04-06 |
Class: PATCH | Family: unix |
CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
A heap-based buffer overflow in rfbproto.c was found in LibVNCClient in LibVNCServer before 0.9.11 that allows remote servers to cause a denial of service or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.
Fixed In Version: libvncserver 0.9.11
Reference: Patch

CVE-2016-9942: Heap-based buffer overflow in ultra.c
A heap-based buffer overflow was found in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 that allows remote servers to cause a denial of service or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
Fixed In Version: libvncserver 0.9.11
Reference: Patch
Platform: |
Alpine Linux 3.5 |