Heap-based buffer overflow in rfbproto.c was found in LibVNCClient in LibVNCServer before 0.9.11 that allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. Upstream patch: https://github.com/LibVNC/libvncserver/commit/5418e8007c248bf9668d22a8c1fa9528149b69f2 Upstream bug: https://github.com/LibVNC/libvncserver/pull/137
Created libvncserver tracking bugs for this issue: Affects: fedora-all [bug 1410178] Affects: epel-5 [bug 1410179] Affects: epel-7 [bug 1410180]
libvncserver-0.9.11-2.fc24.1 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.