{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-12-31T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-23T12:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "95170", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95170"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LibVNC/libvncserver/pull/137"}, {"name": "DSA-3753", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3753"}, {"name": "GLSA-201702-24", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201702-24"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11"}, {"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"}, {"name": "USN-4587-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4587-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9942", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "95170", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95170"}, {"name": "https://github.com/LibVNC/libvncserver/pull/137", "refsource": "CONFIRM", "url": "https://github.com/LibVNC/libvncserver/pull/137"}, {"name": "DSA-3753", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3753"}, {"name": "GLSA-201702-24", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-24"}, {"name": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11", "refsource": "CONFIRM", "url": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11"}, {"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"}, {"name": "USN-4587-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4587-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:07:31.414Z"}, "title": "CVE Program Container", "references": [{"name": "95170", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95170"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/LibVNC/libvncserver/pull/137"}, {"name": "DSA-3753", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3753"}, {"name": "GLSA-201702-24", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201702-24"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11"}, {"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"}, {"name": "USN-4587-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4587-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9942", "datePublished": "2016-12-31T18:00:00", "dateReserved": "2016-12-13T00:00:00", "dateUpdated": "2024-08-06T03:07:31.414Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libvncserver_project:libvncserver:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "C6241012-4420-4432-B0C6-9450E091D14E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en ultra.c en LibVNCClient en LibVNCServer en versiones anteriores a 0.9.11 permite a servidores remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje FramebufferUpdate manipulado con el t\u00edtulo de tipo Ultra, de manera que la longitud de la carga \u00fatil LZO descomprimida excede lo especificado por las dimensiones del azulejo."}], "id": "CVE-2016-9942", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-31T18:59:00.180", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3753"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/95170"}, {"source": "cve@mitre.org", "url": "https://github.com/LibVNC/libvncserver/pull/137"}, {"source": "cve@mitre.org", "url": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201702-24"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4587-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3753"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/95170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/LibVNC/libvncserver/pull/137"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201702-24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4587-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libvncserver: Heap-based buffer overflow in ultra.c", "id": "1410168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410168"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions."], "name": "CVE-2016-9942", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libvncserver", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "libvncserver", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-11-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-9942\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9942"], "threat_severity": "Moderate"}

{}