Home

CVE-2017-5884

Description

gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.457

Associated Vulnerability

VulnerabilityOS Platform
VNC viewer widget (USN-3203-1) libgvnc-1.0-0_0.5.0-1ubuntu1.1_i386.debLinux
VNC viewer widget (USN-3203-1) libgvnc-1.0-0_0.5.0-1ubuntu1.1_amd64.debLinux
VNC viewer widget (USN-3203-1) libgvnc-1.0-0_0.5.3-0ubuntu2.1_i386.debLinux
VNC viewer widget (USN-3203-1) libgvnc-1.0-0_0.5.3-0ubuntu2.1_amd64.debLinux
VNC viewer widget (USN-3203-1) libgtk-vnc-1.0-0_0.5.0-1ubuntu1.1_i386.debLinux
VNC viewer widget (USN-3203-1) libgtk-vnc-1.0-0_0.5.0-1ubuntu1.1_amd64.debLinux
VNC viewer widget (USN-3203-1) libgtk-vnc-1.0-0_0.5.3-0ubuntu2.1_i386.debLinux
VNC viewer widget (USN-3203-1) libgtk-vnc-1.0-0_0.5.3-0ubuntu2.1_amd64.debLinux
VNC viewer widget (USN-3203-1) libgtk-vnc-2.0-0_0.5.0-1ubuntu1.1_i386.debLinux
VNC viewer widget (USN-3203-1) libgtk-vnc-2.0-0_0.5.0-1ubuntu1.1_amd64.debLinux
VNC viewer widget (USN-3203-1) libgtk-vnc-2.0-0_0.5.3-0ubuntu2.1_i386.debLinux
VNC viewer widget (USN-3203-1) libgtk-vnc-2.0-0_0.5.3-0ubuntu2.1_amd64.debLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gtk-vnc-0.7.0-2.el7.i686.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gtk-vnc-0.7.0-2.el7.x86_64.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gtk-vnc-devel-0.7.0-2.el7.i686.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gtk-vnc-devel-0.7.0-2.el7.x86_64.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gtk-vnc-python-0.7.0-2.el7.x86_64.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gtk-vnc2-0.7.0-2.el7.i686.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gtk-vnc2-0.7.0-2.el7.x86_64.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gtk-vnc2-devel-0.7.0-2.el7.i686.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gtk-vnc2-devel-0.7.0-2.el7.x86_64.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gvnc-0.7.0-2.el7.i686.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gvnc-0.7.0-2.el7.x86_64.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gvnc-devel-0.7.0-2.el7.i686.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gvnc-devel-0.7.0-2.el7.x86_64.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gvnc-tools-0.7.0-2.el7.x86_64.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gvncpulse-0.7.0-2.el7.i686.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gvncpulse-0.7.0-2.el7.x86_64.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gvncpulse-devel-0.7.0-2.el7.i686.rpmLinux
(RHSA-2017:2258) Moderate: gtk-vnc security, bug fix, and enhancement update gvncpulse-devel-0.7.0-2.el7.x86_64.rpmLinux
SUSE-SU-2021:3125-1(SUSE Linux Enterprise Server 12-SP5 ) gtk-vnc-debugsource-0.6.0-11.3.1.x86_64.rpmLinux
SUSE-SU-2021:3125-1(SUSE Linux Enterprise Server 12-SP5 ) gtk-vnc2-debugsource-0.6.0-11.3.1.x86_64.rpmLinux
SUSE-SU-2021:3125-1(SUSE Linux Enterprise Server 12-SP5 ) libgtk-vnc-1_0-0-0.6.0-11.3.1.x86_64.rpmLinux
SUSE-SU-2021:3125-1(SUSE Linux Enterprise Server 12-SP5 ) libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1.x86_64.rpmLinux
SUSE-SU-2021:3125-1(SUSE Linux Enterprise Server 12-SP5 ) libgtk-vnc-2_0-0-0.6.0-11.3.1.x86_64.rpmLinux
SUSE-SU-2021:3125-1(SUSE Linux Enterprise Server 12-SP5 ) libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1.x86_64.rpmLinux
SUSE-SU-2021:3125-1(SUSE Linux Enterprise Server 12-SP5 ) libgvnc-1_0-0-0.6.0-11.3.1.x86_64.rpmLinux
SUSE-SU-2021:3125-1(SUSE Linux Enterprise Server 12-SP5 ) libgvnc-1_0-0-debuginfo-0.6.0-11.3.1.x86_64.rpmLinux
SUSE-SU-2021:3125-1(SUSE Linux Enterprise Server 12-SP5 ) python-gtk-vnc-0.6.0-11.3.1.x86_64.rpmLinux
SUSE-SU-2021:3125-1(SUSE Linux Enterprise Server 12-SP5 ) python-gtk-vnc-debuginfo-0.6.0-11.3.1.x86_64.rpmLinux
SUSE-SU-2021:3125-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1.x86_64.rpmLinux
SUSE-SU-2021:3125-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-GVnc-1_0-0.6.0-11.3.1.x86_64.rpmLinux
(RHSA-2017:2258)Moderate: security, bug fix, and enhancement update gtk-vnc-debuginfo-0.7.0-2.el7.i686.rpmLinux
(RHSA-2017:2258)Moderate: security, bug fix, and enhancement update gtk-vnc-debuginfo-0.7.0-2.el7.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234