CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000044
https://notcve.org/view.php?id=CVE-2017-1000044
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering En gtk-vnc versión 0.4.2 y anteriores, no comprueban correctamente los límites del framebuffer cuando se actualiza el framebuffer, lo que puede conllevar a una corrupción de memoria al renderizar. • https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5884 – gtk-vnc: Improper check of framebuffer boundaries when processing a tile
https://notcve.org/view.php?id=CVE-2017-5884
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. gtk-vnc en versiones anteriores a 0.7.0 no comprueba adecuadamente los límites de azulejos que contienen sub rectángulo, lo que permite a servidores remotos ejecutar código arbitrario a través de las coordenadas src x, y en un azulejo (1) rre, (2) hextile o (3) copyrect manipulado. It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. • http://www.openwall.com/lists/oss-security/2017/02/03/5 http://www.openwall.com/lists/oss-security/2017/02/05/5 http://www.securityfocus.com/bid/96016 https://access.redhat.com/errata/RHSA-2017:2258 https://bugzilla.gnome.org/show_bug.cgi?id=778048 https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK https://access.redhat.com/securit • CWE-118: Incorrect Access of Indexable Resource ('Range Error') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5885 – gtk-vnc: Integer overflow when processing SetColorMapEntries
https://notcve.org/view.php?id=CVE-2017-5885
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. Múltiples desbordamientos de entero en las funciones (1) vnc_connection_server_message y (2) vnc_color_map_set en gtk-vnc en versiones anteriores a 0.7.0 permiten a servidores remotos provocar una denegación de servicio (caída) o la posibilidad de ejecutar código arbitrario a través de vectores implicando SetColorMapEntries, lo que desencadena un desbordamiento de búfer. An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. • http://www.openwall.com/lists/oss-security/2017/02/03/5 http://www.openwall.com/lists/oss-security/2017/02/05/5 http://www.securityfocus.com/bid/96016 https://access.redhat.com/errata/RHSA-2017:2258 https://bugzilla.gnome.org/show_bug.cgi?id=778050 https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK https://access.redhat.com/securit • CWE-190: Integer Overflow or Wraparound •