Date: Wed, 25 Jan 2017 03:46:44 -0500
From: <cve-assign@...re.org>
To: <alan.coopersmith@...cle.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: [tigervnc-announce] TigerVNC 1.7.1

> https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
> https://github.com/TigerVNC/tigervnc/pull/399
> https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1

> a memory overflow issue
> via the RRE decoder. A malicious server could possibly use this issue to take
> control of the TigerVNC viewer.

>> Fix buffer overflow in ModifiablePixelBuffer::fillRect.

>> It can be triggered by RRE message with subrectangle out of framebuffer
>> boundaries.

Use CVE-2017-5581.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
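The kind of bounds check the quoted commit message calls for, as an added example (not TigerVNC's code and not part of the original message): every RRE subrectangle is validated against its parent rectangle, and every fill against the framebuffer, before any pixel is written. All type and function names are hypothetical; the subrectangle layout (pixel, then x, y, w, h relative to the parent rectangle) follows the RFB RRE encoding, and rectangle fields are assumed to come from 16-bit wire values.

```cpp
// Added illustration; not TigerVNC source. All names here are hypothetical.
#include <cstddef>
#include <cstdint>
#include <vector>

struct Rect { uint32_t x, y, w, h; };  // wire fields are U16; widened so sums cannot wrap

// True only if `inner` lies entirely inside `outer`.
// Uses subtraction on already-checked values, so no term can overflow.
static bool contains(const Rect& outer, const Rect& inner) {
    if (inner.x < outer.x || inner.y < outer.y) return false;
    uint32_t dx = inner.x - outer.x, dy = inner.y - outer.y;
    return dx <= outer.w && inner.w <= outer.w - dx &&
           dy <= outer.h && inner.h <= outer.h - dy;
}

class Framebuffer {
public:
    Framebuffer(uint32_t w, uint32_t h) : w_(w), h_(h), px_(std::size_t(w) * h, 0) {}
    // Refuses any fill that is not fully inside the buffer instead of writing.
    bool fillRect(const Rect& r, uint32_t pixel) {
        if (!contains(Rect{0, 0, w_, h_}, r)) return false;
        for (uint32_t row = r.y; row < r.y + r.h; ++row)
            for (uint32_t col = r.x; col < r.x + r.w; ++col)
                px_[std::size_t(row) * w_ + col] = pixel;
        return true;
    }
    uint32_t at(uint32_t x, uint32_t y) const { return px_[std::size_t(y) * w_ + x]; }
private:
    uint32_t w_, h_;
    std::vector<uint32_t> px_;
};

struct SubRect { uint32_t pixel; uint16_t x, y, w, h; };  // offsets relative to parent

// Applies one RRE rectangle: background fill, then each subrectangle.
// Everything is validated first, so a malformed message leaves the buffer untouched.
bool applyRRE(Framebuffer& fb, const Rect& rect, uint32_t bg,
              const std::vector<SubRect>& subs) {
    std::vector<Rect> absRects;
    for (const SubRect& s : subs) {
        Rect a{rect.x + s.x, rect.y + s.y, s.w, s.h};
        if (!contains(rect, a)) return false;  // subrectangle escapes its parent
        absRects.push_back(a);
    }
    if (!fb.fillRect(rect, bg)) return false;   // parent escapes the framebuffer
    for (std::size_t i = 0; i < subs.size(); ++i) fb.fillRect(absRects[i], subs[i].pixel);
    return true;
}
```

The check lives both in the decoder and in `fillRect` itself, so a caller that forgets to validate still cannot write outside the buffer.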
