Integer Overflow Vulnerabilities in gtk-vnc by GNOME
CVE-2017-5885

9.8CRITICAL

Key Information:

Vendor
Fedoraproject
Status
Fedora
Vendor
CVE Published:
28 February 2017

Summary

The gtk-vnc library is affected by multiple integer overflow vulnerabilities found in the vnc_connection_server_message and vnc_color_map_set functions. These flaws potentially enable remote servers to exploit the SetColorMapEntries functionality, which could lead to denial of service through a crash or, in certain scenarios, allow for the execution of arbitrary code. This highlights the critical importance of secure input validation mechanisms within the library.

References

https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd37...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2017/02/03/5
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/96016
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.