CVE-2016-9942

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.

CVSS 3.x
Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector
NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score
Percentile: 82%

Affected Products (NVD)
Vendor | Product | Version
libvncserver_project | libvncserver | 0.9.10 𝑥
𝑥 = Vulnerable software versions

Debian Releases
Product | Codename | Version | Status
libvncserver | bookworm | 0.9.14+dfsg-1 | fixed
libvncserver | bullseye | 0.9.13+dfsg-2+deb11u1 | fixed
libvncserver | sid | 0.9.14+dfsg-1 | fixed
libvncserver | trixie | 0.9.14+dfsg-1 | fixed
veyon | bookworm | 4.7.5+repack1-1 | fixed
veyon | bullseye | 4.5.3+repack1-1 | fixed
veyon | sid | 4.7.5+repack1-1.1 | fixed

Ubuntu Releases
Product | Codename | Fixed version | Status
italc | bionic | 1:3.0.1+dfsg1-1 | released
italc | focal | - | dne
italc | trusty | - | dne
italc | xenial | 1:2.0.2+dfsg1-4ubuntu0.1 | released
libvncserver | precise | 0.9.8.2-2ubuntu1.2 | released
libvncserver | trusty | 0.9.9+dfsg-1ubuntu1.2 | released
libvncserver | xenial | 0.9.10+dfsg-3ubuntu0.16.04.1 | released
libvncserver | yakkety | 0.9.10+dfsg-3ubuntu0.16.10.1 | released

openSUSE / SLES Releases
Product | Release | Version | Status
libXvnc1 | suse enterprise sap 12 SP2 | 1.6.0-16.4 | fixed
libXvnc1 | suse enterprise server 12 SP2 | 1.6.0-16.4 | fixed
libvncclient0 | suse enterprise sap 12 SP2 | 0.9.9-17.5.1 | fixed
libvncclient0 | suse enterprise sap 12 SP3 | 0.9.9-17.5.1 | fixed
libvncclient0 | suse enterprise sap 12 SP5 | 0.9.9-17.14.1 | fixed
libvncclient0 | suse enterprise server 12 SP2 | 0.9.9-17.5.1 | fixed
libvncclient0 | suse enterprise server 12 SP3 | 0.9.9-17.5.1 | fixed
libvncclient0 | suse enterprise server 12 SP4 | 0.9.9-17.5.1 | fixed
libvncclient0 | suse enterprise server 12 SP5 | 0.9.9-17.14.1 | fixed
libvncserver0 | suse enterprise sap 12 SP2 | 0.9.9-17.5.1 | fixed
libvncserver0 | suse enterprise sap 12 SP3 | 0.9.9-17.5.1 | fixed
libvncserver0 | suse enterprise sap 12 SP5 | 0.9.9-17.14.1 | fixed
libvncserver0 | suse enterprise server 12 SP2 | 0.9.9-17.5.1 | fixed
libvncserver0 | suse enterprise server 12 SP3 | 0.9.9-17.5.1 | fixed
libvncserver0 | suse enterprise server 12 SP4 | 0.9.9-17.5.1 | fixed
libvncserver0 | suse enterprise server 12 SP5 | 0.9.9-17.14.1 | fixed
tigervnc | suse enterprise sap 12 SP1 | 1.4.3-19.1 | fixed
tigervnc | suse enterprise sap 12 SP2 | 1.6.0-16.4 | fixed
tigervnc | suse enterprise server 12 SP1 | 1.4.3-19.1 | fixed
tigervnc | suse enterprise server 12 SP2 | 1.6.0-16.4 | fixed
xorg-x11-Xvnc | suse enterprise sap 12 SP1 | 1.4.3-19.1 | fixed
xorg-x11-Xvnc | suse enterprise sap 12 SP2 | 1.6.0-16.4 | fixed
xorg-x11-Xvnc | suse enterprise server 12 SP1 | 1.4.3-19.1 | fixed
xorg-x11-Xvnc | suse enterprise server 12 SP2 | 1.6.0-16.4 | fixed