CVE-2011-0904

Priority
Medium
Description
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in
vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before
3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote
authenticated users to cause a denial of service (daemon crash) via a large
(1) X position or (2) Y position value in a framebuffer update request that
triggers an out-of-bounds memory access, related to the rfbTranslateNone
and rfbSendRectEncodingRaw functions.
References
Bugs
Notes
 mdeslaur> code doesn't seem present in kdenetwork in lucid and maverick
 mdeslaur> turns out libvncserver and kdenetwork aren't vulnerable
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Source: vino (LP Ubuntu Debian)
Upstream:needs-triage
Patches:
Upstream:http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279
More Information

Updated: 2017-08-11 23:46:17 UTC (commit 13081)