Bug 1426766 (CVE-2017-1000044)

Summary: CVE-2017-1000044 gtk-vnc: Incorrect boundaries check when updating framebuffer
Product: [Other] Security Response
Reporter: Adam Mariš <amaris>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: berrange, bmcclain, cfergeau, dblechte, eedri, erik-fedora, fidencio, lsurette, mgoldboi, michal.skrivanek, rbalakri, rh-spice-bugs, rjones, sherold, srevivo, virt-maint, ykaul, ylavi
Keywords: Security
Hardware: All
OS: Linux
Last Closed: 2017-05-12 07:50:19 UTC
Bug Blocks: 1426767

Description Adam Mariš 2017-02-24 19:32:14 UTC
gtk-vnc 0.4.2 and older doesn't check boundaries correctly when updating the framebuffer, which may result in memory corruption when rendering. A malicious server can crash the VNC client or potentially execute code under the privileges of the user running the VNC client.

Upstream patch:

https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737
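
An added illustration (not gtk-vnc's code and not the upstream patch) of the class of check the description refers to: validating a server-supplied update rectangle against the client framebuffer before any pixel is written. The `struct fb` layout, the function names and the 4x4 sample buffer are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical client-side framebuffer; the names are not gtk-vnc's. */
struct fb {
    uint8_t *pixels;    /* height * rowstride bytes */
    uint16_t width;     /* pixels */
    uint16_t height;    /* pixels */
    size_t bpp;         /* bytes per pixel */
    size_t rowstride;   /* bytes per row, >= width * bpp */
};

/* True only if the server-supplied rectangle lies fully inside the
 * framebuffer. Uses subtraction so no intermediate sum can wrap. */
static bool fb_rect_in_bounds(const struct fb *fb, uint16_t x, uint16_t y,
                              uint16_t w, uint16_t h)
{
    if (x > fb->width || y > fb->height)
        return false;
    return w <= fb->width - x && h <= fb->height - y;
}

/* Copy a raw rectangle into the framebuffer. Returns false, and writes
 * nothing, if the rectangle or the source length does not fit. */
static bool fb_blit_raw(struct fb *fb, uint16_t x, uint16_t y, uint16_t w,
                        uint16_t h, const uint8_t *src, size_t src_len)
{
    if (!fb_rect_in_bounds(fb, x, y, w, h))
        return false;
    /* In bounds, so row_bytes * h cannot exceed the allocation size. */
    size_t row_bytes = (size_t)w * fb->bpp;
    if (src_len != row_bytes * h)
        return false;
    for (size_t row = 0; row < h; row++)
        memcpy(fb->pixels + (y + row) * fb->rowstride + x * fb->bpp,
               src + row * row_bytes, row_bytes);
    return true;
}

int main(void)
{
    uint8_t buf[16] = {0}, src[4] = {1, 2, 3, 4};   /* constructed 4x4 */
    struct fb fb = { buf, 4, 4, 1, 4 };
    printf("inside:  %d\n", fb_blit_raw(&fb, 2, 2, 2, 2, src, sizeof src));
    printf("outside: %d\n", fb_blit_raw(&fb, 3, 3, 2, 2, src, sizeof src));
    return 0;
}
```

Both the rectangle and the length of the pixel data are checked before the first `memcpy`, so a rejected update leaves the framebuffer untouched.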

Comment 1 Adam Mariš 2017-02-24 19:35:30 UTC
CVE has been requested from DWF.