6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.165 Low
EPSS
Percentile
96.0%
Vinagre is a VNC Client for the GNOME Desktop.
Alfredo Ortega (Core Security Technologies) reported a format string error in the vinagre_utils_show_error() function in src/vinagre-utils.c.
A remote attacker could entice a user into opening a specially crafted .vnc file or connecting to a malicious server, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.
There is no known workaround at this time.
All Vinagre users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/vinagre-0.5.2"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-misc/vinagre | < 0.5.2 | UNKNOWN |