Lucene search

K
osvGoogleOSV:USN-4772-1
HistoryMar 15, 2021 - 8:16 p.m.

vnc4 vulnerabilities

2021-03-1520:16:26
Google
osv.dev
18
vnc4
ubuntu
vulnerabilities
xorg-server
expat
security
information leakage
denial of service
arbitrary code.

AI Score

7.9

Confidence

High

EPSS

0.068

Percentile

94.0%

USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides
the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2015-0255)

USN-2726-1 addressed CVE-2015-1283 for Expat. This update provides the
corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2015-1283)

Original advisory details:

Olivier Fourdan discovered that the X.Org X server incorrectly handled
XkbSetGeometry requests resulting in an information leak. An attacker able
to connect to an X server, either locally or remotely, could use this issue
to possibly obtain sensitive information. (CVE-2015-0255)

It was discovered that Expat incorrectly handled malformed XML data. If a
user or application linked against Expat were tricked into opening a
crafted XML file, an attacker could cause a denial of service, or possibly
execute arbitrary code. (CVE-2015-1283)