oss-sec mailing list archives

Re: [tigervnc-announce] TigerVNC 1.7.1


From: <cve-assign () mitre org>
Date: Wed, 25 Jan 2017 03:46:44 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
https://github.com/TigerVNC/tigervnc/pull/399
https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1

a memory overflow issue
via the RRE decoder. A malicious server could possibly use this issue to take
control of the TigerVNC viewer.

Fix buffer overflow in ModifiablePixelBuffer::fillRect.

It can be triggered by RRE message with subrectangle out of framebuffer
boundaries.

Use CVE-2017-5581.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
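
The kind of bounds check the commit message above calls for, as an added example that is not part of the original message and is not TigerVNC's code. `Rect`, `Framebuffer`, `contains` and `applyRreSubrect` are hypothetical names, the sample values are constructed, and the subrectangle fields are assumed to follow the RFB RRE layout (four 16-bit values relative to the enclosing rectangle).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical types for this example; they are not TigerVNC's classes.
struct Rect { int64_t x, y, w, h; };

struct Framebuffer {
    int width, height;
    std::vector<uint32_t> pixels;
    Framebuffer(int w, int h) : width(w), height(h), pixels(size_t(w) * size_t(h), 0) {}
};

// True only if `inner` lies entirely within `outer`. The comparison subtracts
// the offset from the outer extent instead of computing inner.x + inner.w.
bool contains(const Rect& outer, const Rect& inner) {
    if (inner.w < 0 || inner.h < 0) return false;
    if (inner.x < outer.x || inner.y < outer.y) return false;
    return inner.w <= outer.w - (inner.x - outer.x) &&
           inner.h <= outer.h - (inner.y - outer.y);
}

// Applies one RRE subrectangle. sx, sy, sw, sh are the 16-bit wire fields,
// relative to the origin of the enclosing rectangle `r`. Returns false and
// writes nothing when `r` leaves the framebuffer or the subrectangle leaves `r`.
bool applyRreSubrect(Framebuffer& fb, const Rect& r, uint16_t sx, uint16_t sy,
                     uint16_t sw, uint16_t sh, uint32_t pixel) {
    const Rect whole{0, 0, fb.width, fb.height};
    if (!contains(whole, r)) return false;
    const Rect sub{r.x + sx, r.y + sy, sw, sh};  // r is already known to be in range
    if (!contains(r, sub)) return false;
    for (int64_t y = sub.y; y < sub.y + sub.h; ++y)
        for (int64_t x = sub.x; x < sub.x + sub.w; ++x)
            fb.pixels[size_t(y) * size_t(fb.width) + size_t(x)] = pixel;
    return true;
}

int main() {
    Framebuffer fb(8, 6);      // constructed sample: 8x6 framebuffer
    const Rect r{2, 1, 4, 3};  // constructed enclosing rectangle
    std::printf("inside: %d\n", applyRreSubrect(fb, r, 1, 1, 2, 2, 0xff0000u));
    std::printf("outside: %d\n", applyRreSubrect(fb, r, 3, 1, 2, 2, 0x00ff00u));
    return 0;
}
```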

