CVE-2016-9942

Description

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.

Risk Information

Base Score: 9.8 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.836

Associated Vulnerability

Vulnerability | OS Platform
vnc server library (USN-2365-1) libvncserver0_0.9.8.2-2ubuntu1.2_i386.deb | Linux
vnc server library (USN-2365-1) libvncserver0_0.9.8.2-2ubuntu1.2_amd64.deb | Linux
vnc server library (USN-2365-1) libvncserver0_0.9.9+dfsg-1ubuntu1.2_i386.deb | Linux
vnc server library (USN-2365-1) libvncserver0_0.9.9+dfsg-1ubuntu1.2_amd64.deb | Linux
vnc server library (USN-3171-1) libvncclient1_0.9.10+dfsg-3ubuntu0.16.10.1_i386.deb | Linux
vnc server library (USN-3171-1) libvncclient1_0.9.10+dfsg-3ubuntu0.16.10.1_amd64.deb | Linux
vnc server library (USN-3171-1) libvncserver0_0.9.8.2-2ubuntu1.2_i386.deb | Linux
vnc server library (USN-3171-1) libvncserver0_0.9.8.2-2ubuntu1.2_amd64.deb | Linux
vnc server library (USN-3171-1) libvncserver0_0.9.9+dfsg-1ubuntu1.2_i386.deb | Linux
vnc server library (USN-3171-1) libvncserver0_0.9.9+dfsg-1ubuntu1.2_amd64.deb | Linux
vnc server library (USN-3171-1) libvncserver1_0.9.10+dfsg-3ubuntu0.16.04.1_i386.deb | Linux
vnc server library (USN-3171-1) libvncserver1_0.9.10+dfsg-3ubuntu0.16.04.1_amd64.deb | Linux
vnc server library (USN-3171-1) libvncserver1_0.9.10+dfsg-3ubuntu0.16.10.1_i386.deb | Linux
vnc server library (USN-3171-1) libvncserver1_0.9.10+dfsg-3ubuntu0.16.10.1_amd64.deb | Linux
SUSE-SU-2018:0830-1 (SUSE Linux Enterprise Server 12-SP2) LibVNCServer-debugsource-0.9.9-17.5.1.x86_64.rpm | Linux
SUSE-SU-2018:0830-1 (SUSE Linux Enterprise Server 12-SP2) libvncclient0-0.9.9-17.5.1.x86_64.rpm | Linux
SUSE-SU-2018:0830-1 (SUSE Linux Enterprise Server 12-SP2) libvncclient0-debuginfo-0.9.9-17.5.1.x86_64.rpm | Linux
SUSE-SU-2018:0830-1 (SUSE Linux Enterprise Server 12-SP2) libvncserver0-0.9.9-17.5.1.x86_64.rpm | Linux
SUSE-SU-2018:0830-1 (SUSE Linux Enterprise Server 12-SP2) libvncserver0-debuginfo-0.9.9-17.5.1.x86_64.rpm | Linux
didact tool which allows teachers to view and control computer labs (USN-4587-1) italc-client_2.0.2+dfsg1-4ubuntu0.1_i386.deb | Linux
didact tool which allows teachers to view and control computer labs (USN-4587-1) italc-client_2.0.2+dfsg1-4ubuntu0.1_amd64.deb | Linux
didact tool which allows teachers to view and control computer labs (USN-4587-1) italc-master_2.0.2+dfsg1-4ubuntu0.1_i386.deb | Linux
didact tool which allows teachers to view and control computer labs (USN-4587-1) italc-master_2.0.2+dfsg1-4ubuntu0.1_amd64.deb | Linux
didact tool which allows teachers to view and control computer labs (USN-4587-1) libitalccore_2.0.2+dfsg1-4ubuntu0.1_i386.deb | Linux
didact tool which allows teachers to view and control computer labs (USN-4587-1) libitalccore_2.0.2+dfsg1-4ubuntu0.1_amd64.deb | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234