CVE-2011-0905
Published: 2 May 2011
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
Notes
Author | Note |
---|---|
mdeslaur | code doesn't seem present in kdenetwork in lucid and maverick turns out libvncserver and kdenetwork aren't vulnerable |
Priority
Status
Package | Release | Status |
---|---|---|
kdenetwork Launchpad, Ubuntu, Debian |
dapper |
Ignored
(reached end-of-life)
|
hardy |
Ignored
(reached end-of-life)
|
|
karmic |
Ignored
(reached end-of-life)
|
|
lucid |
Not vulnerable
(code not present)
|
|
maverick |
Not vulnerable
(code not present)
|
|
natty |
Not vulnerable
|
|
upstream |
Needs triage
|
|
libvncserver Launchpad, Ubuntu, Debian |
dapper |
Ignored
(reached end-of-life)
|
hardy |
Not vulnerable
|
|
karmic |
Ignored
(reached end-of-life)
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
upstream |
Needs triage
|
|
vino Launchpad, Ubuntu, Debian |
dapper |
Ignored
(reached end-of-life)
|
hardy |
Released
(2.22.2-0ubuntu1.1)
|
|
karmic |
Ignored
(reached end-of-life)
|
|
lucid |
Released
(2.28.2-0ubuntu2.1)
|
|
maverick |
Released
(2.32.0-0ubuntu1.2)
|
|
natty |
Released
(2.32.1-0ubuntu2.1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279 |