Buffer Overflow Vulnerability in gtk-vnc by GNOME
CVE-2017-5884

7.8HIGH

Key Information:

Vendor
Fedoraproject
Status
Fedora
Vendor
CVE Published:
28 February 2017

Summary

The gtk-vnc library, prior to version 0.7.0, is susceptible to a buffer overflow vulnerability due to improper boundary checks in subrectangle-containing tiles. This flaw enables remote servers to craft malicious tiles using formats such as rre, hextile, or copyrect. The exploitation of this vulnerability could lead to arbitrary code execution on the client side, posing significant security risks for users of the affected versions.

References

http://www.openwall.com/lists/oss-security/2017/02/03/5
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/96016
vdb-entryx_refsource_BID
https://bugzilla.gnome.org/show_bug.cgi?id=778048
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.