Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2016-9941

Published: 31/12/2016 Updated: 23/10/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Libvncserver Project

Vulnerability Summary

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer prior to 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libvncserver project libvncserver

Vendor Advisories

Ubuntu Security Notice: libvncserver vulnerabilities
Several security issues were fixed in LibVNCServer ...
Debian CVElist Bug Report Logs: libvncserver: CVE-2016-9941
Debian Bug report logs - #850007 libvncserver: CVE-2016-9941 Package: src:libvncserver; Maintainer for src:libvncserver is Peter Spiess-Knafl <dev@spiessknaflat>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 3 Jan 2017 06:15:01 UTC Severity: grave Tags: patch, security, upstream Found in versio ...
Debian CVElist Bug Report Logs: libvncserver: CVE-2016-9942
Debian Bug report logs - #850008 libvncserver: CVE-2016-9942 Package: src:libvncserver; Maintainer for src:libvncserver is Peter Spiess-Knafl <dev@spiessknaflat>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 3 Jan 2017 06:15:05 UTC Severity: grave Tags: patch, security, upstream Found in versio ...
Red Hat: CVE-2016-9941
Heap-based buffer overflow in rfbprotoc in LibVNCClient in LibVNCServer before 0911 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area ...
Arch Linux Issues:
A heap-based buffer overflow has been discovered in rfbprotoc in the LibVNCClient part of LibVNCServer before 0911 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area ...

Recent Articles

VNC server library gets security fix
The Register • Richard Chirgwin • 09 Jan 2017

Debian plugs overflow vuln

An important fix for libvncserver has landed in Debian and on the library's GitHub page. Late in 2016, a bug emerged in the VNC libraries that left clients vulnerable to malicious servers. As the Debian advisory states, the fix addresses two bugs: CVE-2016-9941 and CVE-2016-9942. The libraries incorrectly handled incoming packets, leading to heap-based buffer overflows. Clients could be attacked either for denial-of-service, or potentially for remote code execution. The folks at libvncserver pus...

Read more...

References

CWE-119https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11https://github.com/LibVNC/libvncserver/pull/137http://www.securityfocus.com/bid/95170http://www.debian.org/security/2017/dsa-3753https://security.gentoo.org/glsa/201702-24https://lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlhttps://usn.ubuntu.com/4587-1/https://usn.ubuntu.com/3171-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946CVE-2024-30309CVE-2024-4761CVE-2024-30051type confusionmemory leakCVE-2024-30293reflected XSSCVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook