Upstream information

CVE-2014-0011 at MITRE

Description

Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores

Source: National Vulnerability Database
  • Base Score: 7.5
  • Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

CVSS v3 Scores

Source: National Vulnerability Database
  • Base Score: 9.8
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Access Vector: Network
  • Access Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • CVSSv3 Version: 3.1

SUSE Bugzilla entries: 869307 [RESOLVED / FIXED], 900896 [RESOLVED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • tigervnc >= 1.3.0-17.3
  • xorg-x11-Xvnc >= 1.3.0-17.3
Patchnames:
SUSE Linux Enterprise Desktop 12 GA tigervnc
SUSE Linux Enterprise Desktop 12 SP1
  • tigervnc >= 1.4.3-7.2
  • xorg-x11-Xvnc >= 1.4.3-7.2
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA tigervnc
SUSE Linux Enterprise Desktop 12 SP2
  • libXvnc1 >= 1.6.0-12.6
  • tigervnc >= 1.6.0-12.6
  • xorg-x11-Xvnc >= 1.6.0-12.6
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libXvnc1
SUSE Linux Enterprise Desktop 12 SP3
  • libXvnc1 >= 1.6.0-18.11.1
  • tigervnc >= 1.6.0-18.11.1
  • xorg-x11-Xvnc >= 1.6.0-18.11.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libXvnc1
SUSE Linux Enterprise Desktop 12 SP4
  • libXvnc1 >= 1.6.0-18.23.72
  • tigervnc >= 1.6.0-18.23.72
  • xorg-x11-Xvnc >= 1.6.0-18.23.72
Patchnames:
SUSE Linux Enterprise Desktop 12 SP4 GA libXvnc1
SUSE Linux Enterprise High Performance Computing 12 SP5
  • libXvnc1 >= 1.6.0-22.7.1
  • tigervnc >= 1.6.0-22.7.1
  • xorg-x11-Xvnc >= 1.6.0-22.7.1
Patchnames:
SUSE Linux Enterprise High Performance Computing 12 SP5 GA libXvnc1
SUSE Linux Enterprise Module for Basesystem 15
  • libXvnc1 >= 1.8.0-11.23
  • tigervnc >= 1.8.0-11.23
  • xorg-x11-Xvnc >= 1.8.0-11.23
  • xorg-x11-Xvnc-novnc >= 1.8.0-11.23
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA libXvnc1
SUSE Linux Enterprise Module for Desktop Applications 15
  • libXvnc-devel >= 1.8.0-11.23
Patchnames:
SUSE Linux Enterprise Module for Desktop Applications 15 GA libXvnc-devel
SUSE Linux Enterprise Server 12
  • tigervnc >= 1.3.0-17.3
  • xorg-x11-Xvnc >= 1.3.0-17.3
Patchnames:
SUSE Linux Enterprise Server 12 GA tigervnc
SUSE Linux Enterprise Server 12 SP1
  • tigervnc >= 1.4.3-7.2
  • xorg-x11-Xvnc >= 1.4.3-7.2
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA tigervnc
SUSE Linux Enterprise Server 12 SP2
  • libXvnc1 >= 1.6.0-12.6
  • tigervnc >= 1.6.0-12.6
  • xorg-x11-Xvnc >= 1.6.0-12.6
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libXvnc1
SUSE Linux Enterprise Server 12 SP3
  • libXvnc1 >= 1.6.0-18.11.1
  • tigervnc >= 1.6.0-18.11.1
  • xorg-x11-Xvnc >= 1.6.0-18.11.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libXvnc1
SUSE Linux Enterprise Server 12 SP4
  • libXvnc1 >= 1.6.0-18.23.72
  • tigervnc >= 1.6.0-18.23.72
  • xorg-x11-Xvnc >= 1.6.0-18.23.72
Patchnames:
SUSE Linux Enterprise Server 12 SP4 GA libXvnc1
SUSE Linux Enterprise Server 12 SP5
  • libXvnc1 >= 1.6.0-22.7.1
  • tigervnc >= 1.6.0-22.7.1
  • xorg-x11-Xvnc >= 1.6.0-22.7.1
Patchnames:
SUSE Linux Enterprise Server 12 SP5 GA libXvnc1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libXvnc1 >= 1.6.0-12.6
  • tigervnc >= 1.6.0-12.6
  • xorg-x11-Xvnc >= 1.6.0-12.6
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libXvnc1
openSUSE Leap 15.0
  • libXvnc1 >= 1.8.0-lp150.9.1
  • tigervnc >= 1.8.0-lp150.9.1
  • xorg-x11-Xvnc >= 1.8.0-lp150.9.1
Patchnames:
openSUSE Leap 15.0 GA libXvnc1
openSUSE Leap 42.1
  • tigervnc >= 1.5.0-11.1
  • xorg-x11-Xvnc >= 1.5.0-11.1
Patchnames:
openSUSE Leap 42.1 GA tigervnc
openSUSE Leap 42.2
  • libXvnc1 >= 1.6.0-1.4
  • tigervnc >= 1.6.0-1.4
  • xorg-x11-Xvnc >= 1.6.0-1.4
Patchnames:
openSUSE Leap 42.2 GA libXvnc1
openSUSE Leap 42.3
  • libXvnc1 >= 1.6.0-19.2
  • tigervnc >= 1.6.0-19.2
  • xorg-x11-Xvnc >= 1.6.0-19.2
Patchnames:
openSUSE Leap 42.3 GA libXvnc1
openSUSE Tumbleweed
  • libXvnc-devel >= 1.7.0-2.1
  • libXvnc1 >= 1.7.0-2.1
  • tigervnc >= 1.7.0-2.1
  • xorg-x11-Xvnc >= 1.7.0-2.1
Patchnames:
openSUSE Tumbleweed GA libXvnc-devel