Описание
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | gtk-vnc | Will not fix | ||
| Red Hat Enterprise Linux 6 | gtk-vnc | Will not fix | ||
| Red Hat Enterprise Virtualization 3 | mingw-virt-viewer | Will not fix | ||
| Red Hat Enterprise Linux 7 | gtk-vnc | Fixed | RHSA-2017:2258 | 01.08.2017 |
Показывать по
Дополнительная информация
Статус:
3.1 Low
CVSS3
Связанные уязвимости
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
Multiple integer overflows in the (1) vnc_connection_server_message an ...
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
3.1 Low
CVSS3