{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20170121 Re: [tigervnc-announce] TigerVNC 1.7.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/01/22/1"}, {"name": "RHSA-2017:0630", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0630.html"}, {"name": "RHSA-2017:2000", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2000"}, {"name": "GLSA-201702-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201702-19"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TigerVNC/tigervnc/pull/399"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1"}, {"name": "[oss-security] 20170125 Re: [tigervnc-announce] TigerVNC 1.7.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/01/25/6"}, {"name": "95789", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95789"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5581", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20170121 Re: [tigervnc-announce] TigerVNC 1.7.1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/22/1"}, {"name": "RHSA-2017:0630", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0630.html"}, {"name": "RHSA-2017:2000", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2000"}, {"name": "GLSA-201702-19", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-19"}, {"name": "https://github.com/TigerVNC/tigervnc/pull/399", "refsource": "CONFIRM", "url": "https://github.com/TigerVNC/tigervnc/pull/399"}, {"name": "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba", "refsource": "CONFIRM", "url": "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba"}, {"name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1", "refsource": "CONFIRM", "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1"}, {"name": "[oss-security] 20170125 Re: [tigervnc-announce] TigerVNC 1.7.1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/25/6"}, {"name": "95789", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95789"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:04:15.341Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20170121 Re: [tigervnc-announce] TigerVNC 1.7.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/01/22/1"}, {"name": "RHSA-2017:0630", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0630.html"}, {"name": "RHSA-2017:2000", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2000"}, {"name": "GLSA-201702-19", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201702-19"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/TigerVNC/tigervnc/pull/399"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1"}, {"name": "[oss-security] 20170125 Re: [tigervnc-announce] TigerVNC 1.7.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/01/25/6"}, {"name": "95789", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95789"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5581", "datePublished": "2017-02-28T18:00:00", "dateReserved": "2017-01-25T00:00:00", "dateUpdated": "2024-08-05T15:04:15.341Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*", "matchCriteriaId": "990779CD-71C1-4725-A6AF-C1CE09DDE0DC", "versionEndIncluding": "1.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n ModifiablePixelBuffer::fillRect en TigerVNC en versiones anteriores a 1.7.1 permite a servidores remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje RRE con un subrectangulo fuera de los l\u00edmites del marco del b\u00fafer."}], "id": "CVE-2017-5581", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-28T18:59:00.360", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0630.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/01/22/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/01/25/6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95789"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2017:2000"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/TigerVNC/tigervnc/pull/399"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201702-19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0630.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/01/22/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/01/25/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/TigerVNC/tigervnc/pull/399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201702-19"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0630", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "tigervnc-0:1.1.0-24.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-03-21T00:00:00Z"}, {"advisory": "RHSA-2017:2000", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "fltk-0:1.3.4-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2000", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "tigervnc-0:1.8.0-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}], "bugzilla": {"description": "tigervnc: Buffer overflow in ModifiablePixelBuffer::fillRect", "id": "1415712", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415712"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-119", "details": ["Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.", "A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service."], "name": "CVE-2017-5581", "public_date": "2017-01-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-5581\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5581"], "threat_severity": "Low"}