Vulnerability Details CVE-2017-5581
Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 6.8
References
- http://rhn.redhat.com/errata/RHSA-2017-0630.html
- http://www.openwall.com/lists/oss-security/2017/01/22/1
- http://www.openwall.com/lists/oss-security/2017/01/25/6
- http://www.securityfocus.com/bid/95789
- https://access.redhat.com/errata/RHSA-2017:2000
- https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
- https://github.com/TigerVNC/tigervnc/pull/399
- https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1
- https://security.gentoo.org/glsa/201702-19
- http://rhn.redhat.com/errata/RHSA-2017-0630.html
- http://www.openwall.com/lists/oss-security/2017/01/22/1
- http://www.openwall.com/lists/oss-security/2017/01/25/6
- http://www.securityfocus.com/bid/95789
- https://access.redhat.com/errata/RHSA-2017:2000
- https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
- https://github.com/TigerVNC/tigervnc/pull/399
- https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1
- https://security.gentoo.org/glsa/201702-19
Products affected by CVE-2017-5581
-
cpe:2.3:a:tigervnc:tigervnc:-
-
cpe:2.3:a:tigervnc:tigervnc:0.0.90
-
cpe:2.3:a:tigervnc:tigervnc:0.0.91
-
cpe:2.3:a:tigervnc:tigervnc:1.0
-
cpe:2.3:a:tigervnc:tigervnc:1.0.0
-
cpe:2.3:a:tigervnc:tigervnc:1.0.1
-
cpe:2.3:a:tigervnc:tigervnc:1.0.90
-
cpe:2.3:a:tigervnc:tigervnc:1.1
-
cpe:2.3:a:tigervnc:tigervnc:1.1.0
-
cpe:2.3:a:tigervnc:tigervnc:1.1.90
-
cpe:2.3:a:tigervnc:tigervnc:1.2.0
-
cpe:2.3:a:tigervnc:tigervnc:1.2.90
-
cpe:2.3:a:tigervnc:tigervnc:1.3
-
cpe:2.3:a:tigervnc:tigervnc:1.3.1
-
cpe:2.3:a:tigervnc:tigervnc:1.3.90
-
cpe:2.3:a:tigervnc:tigervnc:1.4.0
-
cpe:2.3:a:tigervnc:tigervnc:1.4.1
-
cpe:2.3:a:tigervnc:tigervnc:1.4.2
-
cpe:2.3:a:tigervnc:tigervnc:1.4.3
-
cpe:2.3:a:tigervnc:tigervnc:1.4.90
-
cpe:2.3:a:tigervnc:tigervnc:1.5.0
-
cpe:2.3:a:tigervnc:tigervnc:1.5.90
-
cpe:2.3:a:tigervnc:tigervnc:1.6.0
-
cpe:2.3:a:tigervnc:tigervnc:1.6.90
-
cpe:2.3:a:tigervnc:tigervnc:1.7