Fluid Attacks Database

Description

Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	gtk-vnc	>=0 <0.6.0-3	0.6.0-3
debian 14	gtk-vnc	>=0 <0.6.0-3	0.6.0-3
debian 11	gtk-vnc	>=0 <0.6.0-3	0.6.0-3
debian 13	gtk-vnc	>=0 <0.6.0-3	0.6.0-3
rpm rhel7	gtk-vnc	<0:0.7.0-2.el7	0:0.7.0-2.el7
rpm rhel5	gtk-vnc	-	-
rpm rhel6	gtk-vnc	-	-

Aliases

1. CVE-2017-58852. NVD-2017-58853. OSV-DEBIAN-2017-58854. OSV-2017-58855. SECURITY-TRACKER-CVE-2017-5885

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.