CVE-2017-5885

Related Files

Red Hat Security Advisory 2017-2258-01

Posted Aug 2, 2017

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2258-01 - The gtk-vnc packages provide a VNC viewer widget for GTK. The gtk-vnc widget is built by using co-routines, which allows the widget to be completely asynchronous while remaining single-threaded. The following packages have been upgraded to a later upstream version: gtk-vnc. Security Fix: It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library.

tags | advisory, remote

systems | linux, redhat

advisories | CVE-2017-5884, CVE-2017-5885

SHA-256 | 0200d88f92cad321797b1906bfc6e038d764948ed57ae7fea09ba01b5172292d

Download | Favorite | View

Ubuntu Security Notice USN-3203-1

Posted Feb 20, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3203-1 - It was discovered that gtk-vnc incorrectly validated certain data. A malicious server could use this issue to cause gtk-vnc to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2017-5884, CVE-2017-5885

SHA-256 | 6c58dfec8d09852c5bf6261c22dcb2332232e0c2a285cf29b44c1e453ec62204

Download | Favorite | View