CVE-2016-9942 log
| Source |
|
| Severity | Critical |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | A heap-based buffer overflow has been discovered in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-124 | libvncserver | 0.9.10-4 | 0.9.11-1 | Critical | Fixed | FS#52481 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 13 Jan 2017 | ASA-201701-20 | AVG-124 | libvncserver | Critical | arbitrary code execution |
| References |
|---|
https://github.com/LibVNC/libvncserver/pull/137 |