Oracle Linux: CVE-2017-7395: ELSA-2017-2000: tigervnc and fltk security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:L/Au:S/C:N/I:N/A:C) | 03/27/2017 | 08/08/2017 | 01/07/2025 |
Description
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.
An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service.
Solution(s)
- oracle-linux-upgrade-fltk
- oracle-linux-upgrade-fltk-devel
- oracle-linux-upgrade-fltk-fluid
- oracle-linux-upgrade-fltk-static
- oracle-linux-upgrade-tigervnc
- oracle-linux-upgrade-tigervnc-icons
- oracle-linux-upgrade-tigervnc-license
- oracle-linux-upgrade-tigervnc-server
- oracle-linux-upgrade-tigervnc-server-applet
- oracle-linux-upgrade-tigervnc-server-minimal
- oracle-linux-upgrade-tigervnc-server-module
