Back to search
CVE-2016-9942
Published: Dec 31, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
95170
vdb-entry
x_refsource_BID
https://github.com/LibVNC/libvncserver/pull/137
x_refsource_CONFIRM
DSA-3753
vendor-advisory
x_refsource_DEBIAN
GLSA-201702-24
vendor-advisory
x_refsource_GENTOO
https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11
x_refsource_CONFIRM
[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update
mailing-list
x_refsource_MLIST
USN-4587-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now