CVE-2011-0904

2011-05-0200:00:00

ubuntu.com

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in
vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before
3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote
authenticated users to cause a denial of service (daemon crash) via a large
(1) X position or (2) Y position value in a framebuffer update request that
triggers an out-of-bounds memory access, related to the rfbTranslateNone
and rfbSendRectEncodingRaw functions.

Bugs

<https://bugzilla.gnome.org/show_bug.cgi?id=641802>

Notes

Author	Note
mdeslaur	code doesn’t seem present in kdenetwork in lucid and maverick turns out libvncserver and kdenetwork aren’t vulnerable

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchvino< 2.22.2-0ubuntu1.1UNKNOWN
ubuntu10.04noarchvino< 2.28.2-0ubuntu2.1UNKNOWN
ubuntu10.10noarchvino< 2.32.0-0ubuntu1.2UNKNOWN
ubuntu11.04noarchvino< 2.32.1-0ubuntu2.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	vino	< 2.22.2-0ubuntu1.1	UNKNOWN
ubuntu	10.04	noarch	vino	< 2.28.2-0ubuntu2.1	UNKNOWN
ubuntu	10.10	noarch	vino	< 2.32.0-0ubuntu1.2	UNKNOWN
ubuntu	11.04	noarch	vino	< 2.32.1-0ubuntu2.1	UNKNOWN