[3.6] libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)
ID: oval:org.secpod.oval:def:1800428 | Date: (C)2018-03-28 (M)2023-12-20 |
Class: PATCH | Family: unix |
CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
A heap-based buffer overflow was found in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11. It allows remote servers to cause a denial of service or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.
Fixed In Version: libvncserver 0.9.11
Reference:
Patch:

CVE-2016-9942: Heap-based buffer overflow in ultra.c
A heap-based buffer overflow was found in ultra.c in LibVNCClient in LibVNCServer before 0.9.11. It allows remote servers to cause a denial of service or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
Fixed In Version: libvncserver 0.9.11
Reference:
Patch:
Platform: |
Alpine Linux 3.6 |