Bug 6165 - TigerVNC hextileDecode.h buffer overflow
Summary: TigerVNC hextileDecode.h buffer overflow
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: VNC (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.8.0
Assignee: Peter Åstrand
Keywords: derfian_tester, relnotes
Depends on: 6153
  Show dependency treegraph
Reported: 2017-02-08 11:01 CET by Peter Åstrand
Modified: 2017-03-27 14:41 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:


Description Peter Åstrand cendio 2017-02-08 11:01:02 CET
This bug corresponds to the upstream Issue https://github.com/TigerVNC/tigervnc/pull/378:

"The hextileDecodexx functions do not properly check for out-of-bounds pixel buffer writes,
which allows a malicious server to overwrite parts of the stack."
Comment 3 Karl Mikaelsson cendio 2017-02-10 16:30:49 CET
I haven't been able to reproduce any original problem (4.7.0 and nightly clients behave the same). I can confirm that the code referenced in the pull request is present in our source code repositories.

Note You need to log in before you can comment on or make changes to this bug.