GNOME gtk-vnc 0.4.2

CPE Details

GNOME gtk-vnc 0.4.2
gnome
gtk-vnc
0.4.2
2017-07-19
14h04 +00:00
2021-05-27
16h24 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnome:gtk-vnc:0.4.2:*:*:*:*:*:*:*

Informations

Vendor

gnome

Product

gtk-vnc

Version

0.4.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2017-1000044 2017-07-13 18h00 +00:00 gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering
9.8
Critical
CVE-2017-5884 2017-02-28 17h00 +00:00 gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
7.8
High
CVE-2017-5885 2017-02-28 17h00 +00:00 Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.