oss-sec mailing list archives
Re: [tigervnc-announce] TigerVNC 1.7.1
From: <cve-assign () mitre org>
Date: Wed, 25 Jan 2017 03:46:44 -0500
https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
https://github.com/TigerVNC/tigervnc/pull/399
https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1
a memory overflow issue via the RRE decoder. A malicious server could possibly use this issue to take control of the TigerVNC viewer.
Fix buffer overflow in ModifiablePixelBuffer::fillRect.
It can be triggered by RRE message with subrectangle out of framebuffer boundaries.
Use CVE-2017-5581.
-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
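The bug class named in the message above (an RRE subrectangle that falls outside the framebuffer reaching an unchecked fill) can be guarded against as in the following added C example, which is not part of the original email and is not TigerVNC's code. The names `fb_t`, `rect_t`, `fb_fill_rect` and `rre_apply_subrect` are hypothetical; it assumes 32-bit pixels and the RRE subrectangle layout from RFC 6143 (pixel, then x, y, width, height as 16-bit big-endian values relative to the parent rectangle).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical minimal framebuffer; not TigerVNC's ModifiablePixelBuffer. */
typedef struct { uint32_t *px; int width, height; } fb_t;
typedef struct { int x, y, w, h; } rect_t;

/* True when r lies entirely inside a (0,0,w,h) area. The sums are done in
   64 bits so x + w cannot wrap for any int inputs. */
static int rect_inside(rect_t r, int w, int h) {
    if (r.x < 0 || r.y < 0 || r.w < 0 || r.h < 0) return 0;
    return (int64_t)r.x + r.w <= w && (int64_t)r.y + r.h <= h;
}

/* Bounds-checked fill: returns 0 on success, -1 if r leaves the buffer. */
int fb_fill_rect(fb_t *fb, rect_t r, uint32_t pix) {
    if (!rect_inside(r, fb->width, fb->height)) return -1;
    for (int row = 0; row < r.h; row++) {
        uint32_t *p = fb->px + (size_t)(r.y + row) * fb->width + r.x;
        for (int col = 0; col < r.w; col++) p[col] = pix;
    }
    return 0;
}

static unsigned be16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Apply one 12-byte RRE subrectangle record. `parent` is the rectangle
   announced in the enclosing framebuffer update (fields from 16-bit wire
   values). Returns 0 on success, -1 if the subrectangle is outside the
   parent rectangle or the result is outside the framebuffer. */
int rre_apply_subrect(fb_t *fb, rect_t parent, const uint8_t rec[12]) {
    uint32_t pix;
    rect_t sub;
    memcpy(&pix, rec, 4);
    sub.x = (int)be16(rec + 4);
    sub.y = (int)be16(rec + 6);
    sub.w = (int)be16(rec + 8);
    sub.h = (int)be16(rec + 10);
    if (!rect_inside(sub, parent.w, parent.h)) return -1; /* malformed message */
    sub.x += parent.x;                                    /* to framebuffer coordinates */
    sub.y += parent.y;
    return fb_fill_rect(fb, sub, pix);                    /* independent second check */
}
```

Checking at both layers means a decoder that forgets to validate server-supplied geometry still cannot write past the buffer, because the fill primitive refuses the rectangle itself.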