AVG-124

Package libvncserver
Status Fixed
Severity Critical
Type arbitrary code execution
Affected 0.9.10-4
Fixed 0.9.11-1
Current 0.9.11-3 [extra]
Ticket FS#52481
Created Sun Jan 1 17:16:34 2017
Issue Severity Remote Type Description
CVE-2016-9942 Critical Yes Arbitrary code execution
A heap-based buffer overflow has been discovered in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 that allows remote servers to cause a denial of service...
CVE-2016-9941 Critical Yes Arbitrary code execution
A heap-based buffer overflow has been discovered in rfbproto.c in the LibVNCClient part of LibVNCServer before 0.9.11 that allows remote servers to cause a...
Date Advisory Package Description
13 Jan 2017 ASA-201701-20 libvncserver arbitrary code execution
References
https://github.com/LibVNC/libvncserver/pull/137