Your submission was sent successfully! Close

CVE-2011-0905

Published: 02 May 2011

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.

Priority

Medium

Status

Package Release Status
kdenetwork
Launchpad, Ubuntu, Debian
Upstream Needs triage

libvncserver
Launchpad, Ubuntu, Debian
Upstream Needs triage

vino
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Upstream: http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279

Notes

AuthorNote
mdeslaur
code doesn't seem present in kdenetwork in lucid and maverick
turns out libvncserver and kdenetwork aren't vulnerable

References

Bugs