CVE-2016-9942
- Source
- https://cve.org/CVERecord?id=CVE-2016-9942
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9942.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-9942
- Downstream
- Related
- Published
- 2016-12-31T18:59:00.180Z
- Modified
- 2026-05-17T11:54:04.305418861Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
- References
-
- http://www.securityfocus.com/bid/95170
- https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11
- https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
- https://usn.ubuntu.com/4587-1/
- http://www.debian.org/security/2017/dsa-3753
- https://security.gentoo.org/glsa/201702-24
- https://github.com/LibVNC/libvncserver/pull/137