CVE-2011-0904

Published: 02 May 2011

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

Priority

Medium

Status

Package Release Status
kdenetwork
Launchpad, Ubuntu, Debian
Upstream Needs triage

libvncserver
Launchpad, Ubuntu, Debian
Upstream Needs triage

vino
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Upstream: http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279

Notes

AuthorNote
mdeslaur
code doesn't seem present in kdenetwork in lucid and maverick
turns out libvncserver and kdenetwork aren't vulnerable

References

Bugs