www.cendio.com

Bug 6165

Summary: TigerVNC hextileDecode.h buffer overflow
Product: ThinLinc Reporter: Peter Åstrand <astrand@cendio.se>
Component: VNCAssignee: Peter Åstrand <astrand@cendio.se>
Status: CLOSED FIXED QA Contact: Bugzilla mail exporter <bugzilla-qa@cendio.se>
Severity: Normal    
Priority: P2 CC: samuel@cendio.se
Version: trunkKeywords: derfian_tester, relnotes
Target Milestone: 4.8.0   
Hardware: PC   
OS: Unknown   
Acceptance Criteria:
Bug Depends on: 6153    
Bug Blocks:    

Description From cendio 2017-02-08 11:01:02
This bug corresponds to the upstream Issue
https://github.com/TigerVNC/tigervnc/pull/378:

"The hextileDecodexx functions do not properly check for out-of-bounds pixel
buffer writes,
which allows a malicious server to overwrite parts of the stack."
------- Comment #3 From cendio 2017-02-10 16:30:49 -------
I haven't been able to reproduce any original problem (4.7.0 and nightly
clients behave the same). I can confirm that the code referenced in the pull
request is present in our source code repositories.