CVE-2011-0904

Published: 2 May 2011

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

Notes

Author	Note
mdeslaur	code doesn't seem present in kdenetwork in lucid and maverick turns out libvncserver and kdenetwork aren't vulnerable

Priority

Status

Package	Release	Status
kdenetwork Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	hardy	Ignored (end of life)
	karmic	Ignored (end of life)
	lucid	Not vulnerable (code not present)
	maverick	Not vulnerable (code not present)
	natty	Not vulnerable
	upstream	Needs triage
libvncserver Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	hardy	Not vulnerable
	karmic	Ignored (end of life)
	lucid	Not vulnerable
	maverick	Not vulnerable
	natty	Not vulnerable
	upstream	Needs triage
vino Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	hardy	Released (2.22.2-0ubuntu1.1)
	karmic	Ignored (end of life)
	lucid	Released (2.28.2-0ubuntu2.1)
	maverick	Released (2.32.0-0ubuntu1.2)
	natty	Released (2.32.1-0ubuntu2.1)
	upstream	Needs triage
	Patches: upstream: http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279

References

Bugs

https://bugzilla.gnome.org/show_bug.cgi?id=641802

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›