Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-4770

Published: 16 January 2009

The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."

Priority

Medium

Status

Package Release Status
vnc4
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
gutsy Ignored
(end of life, was needed)
hardy Ignored
(end of life)
intrepid Ignored
(end of life, was needed)
jaunty Ignored
(end of life)
karmic Ignored
(end of life)
lucid Not vulnerable
(4.1.1+xorg4.3.0-37ubuntu1)
maverick Not vulnerable
(4.1.1+xorg4.3.0-37ubuntu1)
natty Not vulnerable
(4.1.1+xorg4.3.0-37ubuntu1)
oneiric Not vulnerable
(4.1.1+xorg4.3.0-37ubuntu1)
upstream
Released (4.1.3)
Patches:
vendor: https://bugzilla.redhat.com/attachment.cgi?id=329323
vendor: http://patch-tracking.debian.net/patch/series/view/vnc4/4.1.1+X4.3.0-31/vnc-CVE-2008-4770.diff