Описание
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | gtk-vnc | Will not fix | ||
| Red Hat Enterprise Linux 6 | gtk-vnc | Will not fix | ||
| Red Hat Enterprise Virtualization 3 | mingw-virt-viewer | Will not fix | ||
| Red Hat Enterprise Linux 7 | gtk-vnc | Fixed | RHSA-2017:2258 | 01.08.2017 |
Показывать по
Дополнительная информация
Статус:
3.1 Low
CVSS3
Связанные уязвимости
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangl ...
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
3.1 Low
CVSS3