CVE-2017-5885

Priority
Medium
Description
Multiple integer overflows in the (1) vnc_connection_server_message and (2)
vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to
cause a denial of service (crash) or possibly execute arbitrary code via
vectors involving SetColorMapEntries, which triggers a buffer overflow.
Assigned-to
mdeslaur
Package
Upstream: released (0.6.0-3)
Ubuntu 14.04 LTS (Trusty Tahr): released (0.5.3-0ubuntu2.1)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (0.5.3-1.3ubuntu2.1)
Ubuntu 17.04 (Zesty Zapus): not-affected (0.6.0-3)
Patches:
Upstream: https://git.gnome.org/browse/gtk-vnc/commit/?id=661a676e556fef17e53c09b9e2656adc80eb0acf
Upstream: https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e

Updated: 2017-08-11 23:55:53 UTC (commit 13081)