Vulnerability Details CVE-2017-5581
Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 6.8
References
- http://rhn.redhat.com/errata/RHSA-2017-0630.html
- http://www.openwall.com/lists/oss-security/2017/01/22/1
- http://www.openwall.com/lists/oss-security/2017/01/25/6
- http://www.securityfocus.com/bid/95789
- https://access.redhat.com/errata/RHSA-2017:2000
- https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
- https://github.com/TigerVNC/tigervnc/pull/399
- https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1
- https://security.gentoo.org/glsa/201702-19
- http://rhn.redhat.com/errata/RHSA-2017-0630.html
- http://www.openwall.com/lists/oss-security/2017/01/22/1
- http://www.openwall.com/lists/oss-security/2017/01/25/6
- http://www.securityfocus.com/bid/95789
- https://access.redhat.com/errata/RHSA-2017:2000
- https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
- https://github.com/TigerVNC/tigervnc/pull/399
- https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1
- https://security.gentoo.org/glsa/201702-19
Products affected by CVE-2017-5581
-
cpe:2.3:a:tigervnc:tigervnc:-
-
cpe:2.3:a:tigervnc:tigervnc:0.0.90
-
cpe:2.3:a:tigervnc:tigervnc:0.0.91
-
cpe:2.3:a:tigervnc:tigervnc:1.0
-
cpe:2.3:a:tigervnc:tigervnc:1.0.0
-
cpe:2.3:a:tigervnc:tigervnc:1.0.1
-
cpe:2.3:a:tigervnc:tigervnc:1.0.90
-
cpe:2.3:a:tigervnc:tigervnc:1.1
-
cpe:2.3:a:tigervnc:tigervnc:1.1.0
-
cpe:2.3:a:tigervnc:tigervnc:1.1.90
-
cpe:2.3:a:tigervnc:tigervnc:1.2.0
-
cpe:2.3:a:tigervnc:tigervnc:1.2.90
-
cpe:2.3:a:tigervnc:tigervnc:1.3
-
cpe:2.3:a:tigervnc:tigervnc:1.3.1
-
cpe:2.3:a:tigervnc:tigervnc:1.3.90
-
cpe:2.3:a:tigervnc:tigervnc:1.4.0
-
cpe:2.3:a:tigervnc:tigervnc:1.4.1
-
cpe:2.3:a:tigervnc:tigervnc:1.4.2
-
cpe:2.3:a:tigervnc:tigervnc:1.4.3
-
cpe:2.3:a:tigervnc:tigervnc:1.4.90
-
cpe:2.3:a:tigervnc:tigervnc:1.5.0
-
cpe:2.3:a:tigervnc:tigervnc:1.5.90
-
cpe:2.3:a:tigervnc:tigervnc:1.6.0
-
cpe:2.3:a:tigervnc:tigervnc:1.6.90
-
cpe:2.3:a:tigervnc:tigervnc:1.7