Date: Wed, 19 Mar 2014 18:24:02 +0100
From: Tomas Hoger <>
Subject: TigerVNC 1.3.1 fixes ZRLE decoding bounds checking issue


New release of TigerVNC fixes an issue with boundary checks in the ZRLE
decoding.  Boundary checks existed in the code in the form of assert()s,
which were removed in builds with NDEBUG defined.  That is the default for
release builds done by cmake, which is used by TigerVNC.  This could
possibly allow a malicious server to compromise vncviewer.

The same problem may affect related *VNC implementations if built with

CVE-2014-0011 was assigned to the issue.


Tomas Hoger / Red Hat Security Response Team
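
The failure mode described in the message above, as an added example that is not part of the original post and is not TigerVNC code: a bounds check on peer-supplied run lengths written as a runtime check that survives NDEBUG builds. The format is a constructed simplification (one-byte pixels, run length encoded as in RFC 6143 plain RLE), and `rle_decode_tile` and the `RLE_*` codes are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed, simplified run-length format (assumption, not TigerVNC's
 * decoder): each run is one pixel byte followed by a length encoded as in
 * RFC 6143 plain RLE: 1 + sum of the length bytes, where 255 means
 * "another length byte follows". */
enum { RLE_OK = 0, RLE_TRUNCATED = -1, RLE_OVERRUN = -2 };

/* Decode `in` into exactly `tile_len` pixels. Returns RLE_OK or an error. */
int rle_decode_tile(const uint8_t *in, size_t in_len,
                    uint8_t *tile, size_t tile_len)
{
    size_t ip = 0, op = 0;

    while (op < tile_len) {
        if (ip >= in_len)
            return RLE_TRUNCATED;
        uint8_t pix = in[ip++];

        size_t run = 1;
        uint8_t b;
        do {
            if (ip >= in_len)
                return RLE_TRUNCATED;   /* length field cut short */
            b = in[ip++];
            run += b;
        } while (b == 255);

        /* The run length comes from the peer, so this has to be a runtime
         * check. Written as assert(run <= tile_len - op), it would compile
         * to nothing under -DNDEBUG and the loop below would write past
         * the end of `tile`. */
        if (run > tile_len - op)
            return RLE_OVERRUN;

        for (size_t i = 0; i < run; i++)
            tile[op++] = pix;
    }
    return RLE_OK;
}
```

Keeping assert() for internal invariants is fine; anything derived from network input needs a check that returns an error or throws in every build configuration.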
