CVE-2011-0904

Description

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

Category

3.5
CVSS
Severity: Low
CVSS 2.0 •
EPSS 1.02% Top 25%
Vendor Advisory ubuntu.com Vendor Advisory opensuse.org Vendor Advisory mandriva.com Vendor Advisory redhat.com Vendor Advisory debian.org Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory vupen.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
https://exchange.xforce.ibmcloud.com/vulnerabilities/67243 vdb entry
http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0 patch
http://www.ubuntu.com/usn/usn-1128-1/ vendor advisory
http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a patch
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html vendor advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:087 vendor advisory
http://rhn.redhat.com/errata/RHSA-2013-0169.html vendor advisory
http://secunia.com/advisories/44410 third party advisory vendor advisory
http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news
http://www.vupen.com/english/advisories/2011/1144 vdb entry vendor advisory
http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news
http://www.securityfocus.com/bid/47681 vdb entry
http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f patch
http://git.gnome.org/browse/vino/log/?h=gnome-2-30 patch
http://www.debian.org/security/2011/dsa-2238 vendor advisory
http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d patch
https://bugzilla.gnome.org/show_bug.cgi?id=641802 patch
http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4 patch
https://bugzilla.redhat.com/show_bug.cgi?id=694455 patch
http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279 patch
http://secunia.com/advisories/44463 third party advisory vendor advisory
http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news
http://git.gnome.org/browse/vino/tree/NEWS

Frequently Asked Questions

What is the severity of CVE-2011-0904?
CVE-2011-0904 has been scored as a low severity vulnerability.
How to fix CVE-2011-0904?
To fix CVE-2011-0904, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2011-0904 being actively exploited in the wild?
It is possible that CVE-2011-0904 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.