FKIE_CVE-2016-9942

Vulnerability from fkie_nvd - Published: 2016-12-31 18:59 - Updated: 2025-04-12 10:46
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
References
cve@mitre.orghttp://www.debian.org/security/2017/dsa-3753
cve@mitre.orghttp://www.securityfocus.com/bid/95170
cve@mitre.orghttps://github.com/LibVNC/libvncserver/pull/137
cve@mitre.orghttps://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
cve@mitre.orghttps://security.gentoo.org/glsa/201702-24
cve@mitre.orghttps://usn.ubuntu.com/4587-1/
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3753
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/95170
af854a3a-2127-422b-91ae-364da2661108https://github.com/LibVNC/libvncserver/pull/137
af854a3a-2127-422b-91ae-364da2661108https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201702-24
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4587-1/
Impacted products
Vendor Product Version
libvncserver_project libvncserver 0.9.10
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libvncserver_project:libvncserver:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6241012-4420-4432-B0C6-9450E091D14E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en ultra.c en LibVNCClient en LibVNCServer en versiones anteriores a 0.9.11 permite a servidores remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje FramebufferUpdate manipulado con el t\u00edtulo de tipo Ultra, de manera que la longitud de la carga \u00fatil LZO descomprimida excede lo especificado por las dimensiones del azulejo."
    }
  ],
  "id": "CVE-2016-9942",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-31T18:59:00.180",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2017/dsa-3753"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/95170"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/LibVNC/libvncserver/pull/137"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201702-24"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/4587-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2017/dsa-3753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/95170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/LibVNC/libvncserver/pull/137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201702-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4587-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.