Published: 01/04/2017 Updated: 13/01/2018

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tigervnc tigervnc 1.7.1

Debian Bug report logs - #859259 tigervnc: CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396 Package: src:tigervnc; Maintainer for src:tigervnc is TigerVNC Packaging Team <pkg-tigervnc-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 1 Apr 2017 10:21 ...

Buffer overflow in ModifiablePixelBuffer::fillRectA buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service (CVE-2017-5581) VNC server can crash when TLS handshake terminates early:A denial of service fla ...

CWE-190 https://github.com/TigerVNC/tigervnc/pull/436/commits/bf3bdac082978ca32895a4b6a123016094905689 https://github.com/TigerVNC/tigervnc/pull/436 http://www.securityfocus.com/bid/97305 https://access.redhat.com/errata/RHSA-2017:2000 https://security.gentoo.org/glsa/201801-13 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859259 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2017-879.html

CVE-2017-7395

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect