www.cendio.com
Bug 6165 - TigerVNC hextileDecode.h buffer overflow
: TigerVNC hextileDecode.h buffer overflow
Status: CLOSED FIXED
: ThinLinc
VNC
: trunk
: PC Unknown
: P2 Normal
: 4.8.0
Assigned To:
:
:
: 6153
:
  Show dependency treegraph
 
Reported: 2017-02-08 11:01 by
Modified: 2017-03-27 14:41 (History)
Acceptance Criteria:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From cendio 2017-02-08 11:01:02
This bug corresponds to the upstream Issue
https://github.com/TigerVNC/tigervnc/pull/378:

"The hextileDecodexx functions do not properly check for out-of-bounds pixel
buffer writes,
which allows a malicious server to overwrite parts of the stack."
------- Comment #3 From cendio 2017-02-10 16:30:49 -------
I haven't been able to reproduce any original problem (4.7.0 and nightly
clients behave the same). I can confirm that the code referenced in the pull
request is present in our source code repositories.