Download
| Alert*
[3.6] gtk-vnc: two input validation flaws (CVE-2017-5884, CVE-2017-5885)
CVE-2017-5884: Improper check of framebuffer boundaries when processing a tile; gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted rre, hextile, or copyrect tile.
|