CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-1000044
https://notcve.org/view.php?id=CVE-2017-1000044
13 Jul 2017 — gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering En gtk-vnc versión 0.4.2 y anteriores, no comprueban correctamente los límites del framebuffer cuando se actualiza el framebuffer, lo que puede conllevar a una corrupción de memoria al renderizar. • https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5884 – gtk-vnc: Improper check of framebuffer boundaries when processing a tile
https://notcve.org/view.php?id=CVE-2017-5884
20 Feb 2017 — gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. gtk-vnc en versiones anteriores a 0.7.0 no comprueba adecuadamente los límites de azulejos que contienen sub rectángulo, lo que permite a servidores remotos ejecutar código arbitrario a través de las coordenadas src x, y en un azulejo (1) rre, (2) hextile o (3) copyrect manipulado.... • http://www.openwall.com/lists/oss-security/2017/02/03/5 • CWE-118: Incorrect Access of Indexable Resource ('Range Error') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5885 – gtk-vnc: Integer overflow when processing SetColorMapEntries
https://notcve.org/view.php?id=CVE-2017-5885
20 Feb 2017 — Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. Múltiples desbordamientos de entero en las funciones (1) vnc_connection_server_message y (2) vnc_color_map_set en gtk-vnc en versiones anteriores a 0.7.0 permiten a servidores remotos provocar una denegación de serv... • http://www.openwall.com/lists/oss-security/2017/02/03/5 • CWE-190: Integer Overflow or Wraparound •