gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | gtk-vnc | < 0.6.0-3 | gtk-vnc_0.6.0-3_all.deb |
Debian | 11 | all | gtk-vnc | < 0.6.0-3 | gtk-vnc_0.6.0-3_all.deb |
Debian | 10 | all | gtk-vnc | < 0.6.0-3 | gtk-vnc_0.6.0-3_all.deb |
Debian | 999 | all | gtk-vnc | < 0.6.0-3 | gtk-vnc_0.6.0-3_all.deb |
Debian | 13 | all | gtk-vnc | < 0.6.0-3 | gtk-vnc_0.6.0-3_all.deb |