Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-9942
HistoryDec 31, 2016 - 12:00 a.m.

CVE-2016-9942

2016-12-3100:00:00
ubuntu.com
ubuntu.com
9

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.012

Percentile

85.5%

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer
before 0.9.11 allows remote servers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
FramebufferUpdate message with the Ultra type tile, such that the LZO
payload decompressed length exceeds what is specified by the tile
dimensions.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchitalc< 1:3.0.1+dfsg1-1UNKNOWN
ubuntu16.04noarchitalc< 1:2.0.2+dfsg1-4ubuntu0.1UNKNOWN
ubuntu12.04noarchlibvncserver< 0.9.8.2-2ubuntu1.2UNKNOWN
ubuntu14.04noarchlibvncserver< 0.9.9+dfsg-1ubuntu1.2UNKNOWN
ubuntu16.04noarchlibvncserver< 0.9.10+dfsg-3ubuntu0.16.04.1UNKNOWN
ubuntu16.10noarchlibvncserver< 0.9.10+dfsg-3ubuntu0.16.10.1UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.012

Percentile

85.5%