PatchSiren

TigerVNC CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL TigerVNC CVE published 2017-02-28

CVE-2017-5581

CVE-2017-5581 is a critical buffer overflow in TigerVNC’s ModifiablePixelBuffer::fillRect path. NVD describes the issue as reachable through an RRE message whose subrectangle lies outside framebuffer boundaries, with a CVSS 3.0 score of 9.8 and potential for remote code execution. The vulnerable range in the supplied NVD CPE data ends at TigerVNC 1.7, and the upstream release tag and patch references poin [truncated]

HIGH TigerVNC CVE published 2017-02-28

CVE-2016-10207

CVE-2016-10207 is a remote denial-of-service issue in TigerVNC’s Xvnc server. According to NVD, an attacker can trigger invalid memory access and a crash by terminating a TLS handshake early. The issue is publicly recorded with a CVSS 3.0 score of 7.5 (High) and does not require authentication or user interaction.