source.dussan.org Git - tigervnc.git/commit

]> source.dussan.org Git - tigervnc.git/commit

author	Pierre Ossman <ossman@cendio.se>
	Wed, 19 Mar 2014 12:16:48 +0000 (12:16 +0000)
committer	Pierre Ossman <ossman@cendio.se>
	Wed, 19 Mar 2014 12:16:48 +0000 (12:16 +0000)
commit	c1244c096dd9d314465a985e06d97450c8c871a2
tree	12dfc8e5b0013c09be0a5696fa5d9e1d66186de1	tree \| snapshot
parent	7ea9b2c602893ac1b7e843bcf2f64e1677f98d1d	commit \| diff

The ZRLE decoder relied on an assert() for boundary checks. A default
Release build however will remove all asserts making it possible to
overrun this buffer. This could be exploited by a malicious server.
This issue has been assigned CVE-2014-0011. Patch by Tim Waugh for
Red Hat.

git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@5167 3789f03b-4d11-0410-bbf8-ca57d06f2519

common/rfb/zrleDecode.h

diff | blob | history

High performance, multi-platform VNC client and server: https://github.com/TigerVNC/tigervnc

RSS Atom