Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer prior to 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
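The condition described above, as an added illustration that is not LibVNCServer's own code: a hardened tile decoder computes the tile's expected size from its dimensions first, caps the decompressor's output at that size, and rejects a payload whose decompressed length differs from it. Names are hypothetical; `lzo_stub_decompress` is a stand-in for the real LZO decoder, and bytes-per-pixel is assumed to be 1, 2 or 4.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative example, not LibVNCServer code. Models the check implied by
 * CVE-2016-9942: an Ultra-type tile's LZO output must fit the tile's
 * width * height * bytesPerPixel buffer before it is written. */

enum { ULTRA_OK = 0, ULTRA_BAD_DIMS = -1, ULTRA_LEN_MISMATCH = -2,
       ULTRA_DST_SMALL = -3 };

/* Bytes a w x h tile occupies at bpp bytes per pixel; 0 if invalid/overflow. */
size_t ultra_tile_bytes(uint16_t w, uint16_t h, unsigned bpp)
{
    if (w == 0 || h == 0 || (bpp != 1 && bpp != 2 && bpp != 4)) return 0;
    size_t px = (size_t)w * h;            /* < 2^32, fits even a 32-bit size_t */
    if (px > SIZE_MAX / bpp) return 0;    /* guard the final multiplication */
    return px * bpp;
}

/* Hypothetical stand-in for the LZO decoder (constructed format): a 4-byte
 * big-endian server-claimed output length, then the raw bytes. Like a
 * bounds-checked decompressor, it refuses to write past out_cap. */
static int lzo_stub_decompress(const uint8_t *in, size_t in_len,
                               uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (in_len < 4) return -1;
    size_t claimed = ((size_t)in[0] << 24) | ((size_t)in[1] << 16)
                   | ((size_t)in[2] << 8)  | in[3];
    if (claimed > in_len - 4 || claimed > out_cap) return -1;
    memcpy(out, in + 4, claimed);
    *out_len = claimed;
    return 0;
}

/* Hardened decode: size the destination from the tile header, cap the
 * decompressor at that size, and require the output length to match it. */
int ultra_decode_tile(uint16_t w, uint16_t h, unsigned bpp,
                      const uint8_t *payload, size_t payload_len,
                      uint8_t *dst, size_t dst_cap)
{
    size_t expected = ultra_tile_bytes(w, h, bpp);
    if (expected == 0) return ULTRA_BAD_DIMS;
    if (dst_cap < expected) return ULTRA_DST_SMALL;
    size_t produced = 0;
    if (lzo_stub_decompress(payload, payload_len, dst, expected, &produced) != 0)
        return ULTRA_LEN_MISMATCH;        /* output would exceed the tile */
    /* The vulnerable pattern trusted the decompressed length here. */
    if (produced != expected) return ULTRA_LEN_MISMATCH;
    return ULTRA_OK;
}
```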
Vulnerable Product |
---|
libvncserver project libvncserver 0.9.10 |
Debian plugs overflow vuln
An important fix for libvncserver has landed in Debian and on the library's GitHub page. Late in 2016, a bug emerged in the VNC libraries that left clients vulnerable to malicious servers. As the Debian advisory states, the fix addresses two bugs: CVE-2016-9941 and CVE-2016-9942. The libraries incorrectly handled incoming packets, leading to heap-based buffer overflows. Clients could be attacked either for denial-of-service, or potentially for remote code execution. The folks at libvncserver pus...