CVE-2016-9941

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
A heap-based buffer overflow has been discovered in rfbproto.c in the LibVNCClient part of LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.
Group Package Affected Fixed Severity Status Ticket
AVG-124 libvncserver 0.9.10-4 0.9.11-1 Critical Fixed FS#52481
Date Advisory Group Package Severity Description
13 Jan 2017 ASA-201701-20 AVG-124 libvncserver Critical arbitrary code execution
References
https://github.com/LibVNC/libvncserver/pull/137