CVSS2: 7.5 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.4 High (Confidence: High)
EPSS: 0.005 Low (Percentile: 77.3%)

Package    : gtk-vnc
Version    : 0.5.0-3.1+deb7u1
CVE ID     : CVE-2017-5884 CVE-2017-5885
Debian Bug : 854450

Josef Gajdusek discovered two vulnerabilities in gtk-vnc, a VNC viewer
widget for GTK:

CVE-2017-5884

    Fix bounds checking for RRE, hextile & copyrect encodings. This bug
    allowed a remote server to cause a denial of service by buffer
    overflow via a carefully crafted message containing subrectangles
    outside the drawing area.

CVE-2017-5885

    Correctly validate color map range indexes. This bug allowed a
    remote server to cause a denial of service by buffer overflow via
    a carefully crafted message with out-of-range colour values.

For Debian 7 "Wheezy", these problems have been fixed in version
0.5.0-3.1+deb7u1.

We recommend that you upgrade your gtk-vnc packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Jonas Meurer
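
The two bug classes named in the advisory, written as the checks a VNC client has to pass before it writes to its framebuffer or colour map. This is an added example, not gtk-vnc's code or the Debian patch; the struct and function names are hypothetical, and the 16-bit field widths are those of the RFB protocol.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types and names for illustration; not gtk-vnc's API. */
struct fb { uint16_t width, height; };

/* True only if the rectangle lies wholly inside the framebuffer.
 * Operands are widened to 32 bits so x + w cannot wrap around. */
static bool rect_in_fb(const struct fb *fb, uint16_t x, uint16_t y,
                       uint16_t w, uint16_t h)
{
    return (uint32_t)x + w <= fb->width && (uint32_t)y + h <= fb->height;
}

/* RRE and hextile subrectangles are relative to their parent rectangle:
 * the parent must fit the framebuffer and the subrect must fit the parent. */
static bool subrect_in_fb(const struct fb *fb,
                          uint16_t px, uint16_t py, uint16_t pw, uint16_t ph,
                          uint16_t sx, uint16_t sy, uint16_t sw, uint16_t sh)
{
    return rect_in_fb(fb, px, py, pw, ph) &&
           (uint32_t)sx + sw <= pw && (uint32_t)sy + sh <= ph;
}

/* CopyRect also reads from a source rectangle; both ends must be checked. */
static bool copyrect_ok(const struct fb *fb, uint16_t src_x, uint16_t src_y,
                        uint16_t dst_x, uint16_t dst_y, uint16_t w, uint16_t h)
{
    return rect_in_fb(fb, src_x, src_y, w, h) &&
           rect_in_fb(fb, dst_x, dst_y, w, h);
}

/* Colour map update: entries [first, first + count) must fit the map. */
static bool colour_range_ok(uint32_t map_size, uint16_t first, uint16_t count)
{
    return (uint32_t)first + count <= map_size;
}

int main(void)
{
    struct fb fb = { 800, 600 };   /* constructed sample values */
    printf("%d %d %d %d\n", subrect_in_fb(&fb, 100, 100, 16, 16, 8, 8, 8, 8),
           subrect_in_fb(&fb, 100, 100, 16, 16, 12, 0, 8, 8),
           copyrect_ok(&fb, 790, 0, 0, 0, 16, 16), colour_range_ok(256, 250, 10));
    return 0;
}
```

A message that fails any of these checks should be rejected and the connection closed rather than clamped, since the server has already violated the protocol.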

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | i386 | gvncviewer | < 0.5.0-3.1+deb7u1 | gvncviewer_0.5.0-3.1+deb7u1_i386.deb |
Debian | 7 | armel | python-gtk-vnc | < 0.5.0-3.1+deb7u1 | python-gtk-vnc_0.5.0-3.1+deb7u1_armel.deb |
Debian | 7 | armel | gvncviewer | < 0.5.0-3.1+deb7u1 | gvncviewer_0.5.0-3.1+deb7u1_armel.deb |
Debian | 7 | i386 | libgtk-vnc-1.0-0-dbg | < 0.5.0-3.1+deb7u1 | libgtk-vnc-1.0-0-dbg_0.5.0-3.1+deb7u1_i386.deb |
Debian | 7 | amd64 | libgvnc-1.0-dev | < 0.5.0-3.1+deb7u1 | libgvnc-1.0-dev_0.5.0-3.1+deb7u1_amd64.deb |
Debian | 7 | amd64 | libgtk-vnc-2.0-0-dbg | < 0.5.0-3.1+deb7u1 | libgtk-vnc-2.0-0-dbg_0.5.0-3.1+deb7u1_amd64.deb |
Debian | 7 | i386 | libgtk-vnc-1.0-0 | < 0.5.0-3.1+deb7u1 | libgtk-vnc-1.0-0_0.5.0-3.1+deb7u1_i386.deb |
Debian | 7 | armhf | libgtk-vnc-1.0-dev | < 0.5.0-3.1+deb7u1 | libgtk-vnc-1.0-dev_0.5.0-3.1+deb7u1_armhf.deb |
Debian | 7 | armel | mozilla-gtk-vnc | < 0.5.0-3.1+deb7u1 | mozilla-gtk-vnc_0.5.0-3.1+deb7u1_armel.deb |
Debian | 7 | armel | libgtk-vnc-1.0-dev | < 0.5.0-3.1+deb7u1 | libgtk-vnc-1.0-dev_0.5.0-3.1+deb7u1_armel.deb |