PT-2017-16736 · Gnome+5 · Gtk-Vnc+5

Josef Gajdusek

Published

2017-02-07

Updated

2024-06-15

CVE-2017-5885

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions gtk-vnc versions prior to 0.7.0

Description The issue is related to multiple integer overflows in the vnc connection server message and vnc color map set functions. These overflows can be triggered by remote servers via vectors involving SetColorMapEntries, potentially leading to a buffer overflow. This could cause a denial of service (crash) or possibly allow the execution of arbitrary code.

Recommendations For versions prior to 0.7.0, update to version 0.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vnc connection server message and vnc color map set functions until a patch is available.

Exploit

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2017-1146

CESA-2017_2258

CVE-2017-5885

DLA-831-1

MGASA-2017-0057

OPENSUSE-SU-2024:10833-1

RHSA-2017:2258

RHSA-2017_2258

SUSE-SU-2021:3125-1

USN-3203-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Gtk-Vnc

PT-2017-16736 · Gnome+5 · Gtk-Vnc+5

CVE-2017-5885

Weakness Enumeration

Related Identifiers

Affected Products

References · 30