Fluid Attacks Database

Description

gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	gtk-vnc	>=0 <0.6.0-3	0.6.0-3
debian 14	gtk-vnc	>=0 <0.6.0-3	0.6.0-3
debian 11	gtk-vnc	>=0 <0.6.0-3	0.6.0-3
rpm rhel5	gtk-vnc	-	-
rpm rhel7	gtk-vnc	<0:0.7.0-2.el7	0:0.7.0-2.el7
debian 12	gtk-vnc	>=0 <0.6.0-3	0.6.0-3
rpm rhel6	gtk-vnc	-	-

Aliases

1. CVE-2017-58842. NVD-2017-58843. OSV-DEBIAN-2017-58844. OSV-2017-58845. SECURITY-TRACKER-CVE-2017-5884

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.