CVE-2011-0905
Published: May 10, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| USN-1128-1 | vendor-advisory, x_refsource_UBUNTU |
| SUSE-SR:2011:009 | vendor-advisory, x_refsource_SUSE |
| MDVSA-2011:087 | vendor-advisory, x_refsource_MANDRIVA |
| RHSA-2013:0169 | vendor-advisory, x_refsource_REDHAT |
| https://bugzilla.gnome.org/show_bug.cgi?id=641803 | x_refsource_CONFIRM |
| 44410 | third-party-advisory, x_refsource_SECUNIA |
| http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news | x_refsource_CONFIRM |
| ADV-2011-1144 | vdb-entry, x_refsource_VUPEN |
| vino-framebuffer-dos(67244) | vdb-entry, x_refsource_XF |
| http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news | x_refsource_CONFIRM |
| 47681 | vdb-entry, x_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=694456 | x_refsource_CONFIRM |
| http://git.gnome.org/browse/vino/log/?h=gnome-2-30 | x_refsource_CONFIRM |
| DSA-2238 | vendor-advisory, x_refsource_DEBIAN |
| 44463 | third-party-advisory, x_refsource_SECUNIA |
| http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news | x_refsource_CONFIRM |
| http://git.gnome.org/browse/vino/tree/NEWS | x_refsource_CONFIRM |