CVE-2011-0904
10.05.2011, 18:55
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| david_king | vino | 2.7 |
| david_king | vino | 2.7.3 |
| david_king | vino | 2.7.3.1 |
| david_king | vino | 2.7.4 |
| david_king | vino | 2.7.4.90 |
| david_king | vino | 2.7.4.91 |
| david_king | vino | 2.7.92 |
| david_king | vino | 2.8 |
| david_king | vino | 2.9 |
| david_king | vino | 2.9.2 |
| david_king | vino | 2.10 |
| david_king | vino | 2.11 |
| david_king | vino | 2.12 |
| david_king | vino | 2.13 |
| david_king | vino | 2.13.5 |
| david_king | vino | 2.14 |
| david_king | vino | 2.15 |
| david_king | vino | 2.16 |
| david_king | vino | 2.17 |
| david_king | vino | 2.17.2 |
| david_king | vino | 2.17.4 |
| david_king | vino | 2.17.5 |
| david_king | vino | 2.17.92 |
| david_king | vino | 2.18 |
| david_king | vino | 2.18.1 |
| david_king | vino | 2.19 |
| david_king | vino | 2.19.5 |
| david_king | vino | 2.19.90 |
| david_king | vino | 2.19.92 |
| david_king | vino | 2.20 |
| david_king | vino | 2.20.1 |
| david_king | vino | 2.21 |
| david_king | vino | 2.21.1 |
| david_king | vino | 2.21.2 |
| david_king | vino | 2.21.3 |
| david_king | vino | 2.21.90 |
| david_king | vino | 2.21.91 |
| david_king | vino | 2.21.92 |
| david_king | vino | 2.22 |
| david_king | vino | 2.22.1 |
| david_king | vino | 2.22.2 |
| david_king | vino | 2.23 |
| david_king | vino | 2.23.5 |
| david_king | vino | 2.23.90 |
| david_king | vino | 2.23.91 |
| david_king | vino | 2.23.92 |
| david_king | vino | 2.24 |
| david_king | vino | 2.24.1 |
| david_king | vino | 2.25 |
| david_king | vino | 2.25.3 |
| david_king | vino | 2.25.4 |
| david_king | vino | 2.25.5 |
| david_king | vino | 2.25.90 |
| david_king | vino | 2.25.91 |
| david_king | vino | 2.25.92 |
| david_king | vino | 2.26 |
| david_king | vino | 2.26.1 |
| david_king | vino | 2.26.2 |
| david_king | vino | 2.27 |
| david_king | vino | 2.27.5 |
| david_king | vino | 2.27.90 |
| david_king | vino | 2.27.91 |
| david_king | vino | 2.27.92 |
| david_king | vino | 2.28 |
| david_king | vino | 2.28.1 |
| david_king | vino | 2.28.2 |
| david_king | vino | 2.32.0 |
| david_king | vino | 2.32.1 |
| david_king | vino | 3.0.0 |
| david_king | vino | 3.0.1 |
| david_king | vino | 3.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| kdenetwork |
| ||||||||||||
| libvncserver |
| ||||||||||||
| vino |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| vino |
| ||||||||||||||||||||||||||
| vino-lang |
|
Common Weakness Enumeration
References