]> source.dussan.org Git - tigervnc.git/commit
projects / tigervnc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d436ad5) | patch
The ZRLE decoder relied on an assert() for boundary checks. A default
authorPierre Ossman <ossman@cendio.se>
Wed, 19 Mar 2014 12:06:24 +0000 (12:06 +0000)
committerPierre Ossman <ossman@cendio.se>
Wed, 19 Mar 2014 12:06:24 +0000 (12:06 +0000)
commit242b01eec4ba0f288f83c0e053561f97a4821db0
tree53c3527026acbca2ca4e6283749cd0ccdabfd999tree | snapshot
parentd436ad5f1385ce61b9b888a7c414b3dbfa42b8f4commit | diff
The ZRLE decoder relied on an assert() for boundary checks. A default
Release build however will remove all asserts making it possible to
overrun this buffer. This could be exploited by a malicious server.
This issue has been assigned CVE-2014-0011.

git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/branches/1_3@5163 3789f03b-4d11-0410-bbf8-ca57d06f2519
common/rfb/zrleDecode.h diff | blob | history
High performance, multi-platform VNC client and server: https://github.com/TigerVNC/tigervnc