Heap-based Buffer Overflow in LibVNCClient Allows Remote Code Execution

Heap-based Buffer Overflow in LibVNCClient Allows Remote Code Execution

CVE-2016-9942 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.

Learn more about our Cis Benchmark Audit For Server Software.