oss-sec mailing list archives
TigerVNC 1.3.1 fixes ZRLE decoding bounds checking issue
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 19 Mar 2014 18:24:02 +0100
Hi! New release of TigerVNC fixes an issue with boundary checks in the ZRLE decoding. Boundary checks existed in the code in form of assert()s, which were removed in builds with NDEBUG defined. That is default for release builds done by cmake, which is used by TigerVNC. This could possibly allow malicious server to compromise vncviewer. The same problem may affect related *VNC implementations if built with NDEBUG. CVE-2014-0011 was assigned to the issue. References: http://sourceforge.net/p/tigervnc/mailman/message/32120476/ http://sourceforge.net/p/tigervnc/code/5163 http://sourceforge.net/p/tigervnc/code/5164 https://bugzilla.redhat.com/show_bug.cgi?id=1050928 -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- TigerVNC 1.3.1 fixes ZRLE decoding bounds checking issue Tomas Hoger (Mar 19)