CVE-2016-9942 log
Source |
|
Severity | Critical |
Remote | Yes |
Type | Arbitrary code execution |
Description | A heap-based buffer overflow has been discovered in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-124 | libvncserver | 0.9.10-4 | 0.9.11-1 | Critical | Fixed | FS#52481 |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
13 Jan 2017 | ASA-201701-20 | AVG-124 | libvncserver | Critical | arbitrary code execution |
References |
---|
https://github.com/LibVNC/libvncserver/pull/137 |