Bugzilla – Bug 6165
TigerVNC hextileDecode.h buffer overflow
Last modified: 2017-03-27 14:41:45
You need to
before you can comment on or make changes to this bug.
This bug corresponds to the upstream Issue
"The hextileDecodexx functions do not properly check for out-of-bounds pixel
which allows a malicious server to overwrite parts of the stack."
I haven't been able to reproduce any original problem (4.7.0 and nightly
clients behave the same). I can confirm that the code referenced in the pull
request is present in our source code repositories.