The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and previous versions does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
| Vulnerable Product |
|---|
| libvncserver libvncserver |
| oracle solaris 11.3 |
| debian debian linux 7.0 |
| canonical ubuntu linux 12.04 |
| canonical ubuntu linux 14.04 |