Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2011-0905

Published: 2 May 2011

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.

Notes

AuthorNote
mdeslaur
code doesn't seem present in kdenetwork in lucid and maverick
turns out libvncserver and kdenetwork aren't vulnerable

Priority

Medium

Status

Package Release Status
kdenetwork
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Ignored
(reached end-of-life)
karmic Ignored
(reached end-of-life)
lucid Not vulnerable
(code not present)
maverick Not vulnerable
(code not present)
natty Not vulnerable

upstream Needs triage

libvncserver
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Not vulnerable

karmic Ignored
(reached end-of-life)
lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable

upstream Needs triage

vino
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy
Released (2.22.2-0ubuntu1.1)
karmic Ignored
(reached end-of-life)
lucid
Released (2.28.2-0ubuntu2.1)
maverick
Released (2.32.0-0ubuntu1.2)
natty
Released (2.32.1-0ubuntu2.1)
upstream Needs triage

Patches:
upstream: http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279