possible denial of service or code execution via integer overflow
Bug #1352421 reported by Jonathan Riddell
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
krfb (Ubuntu) | Fix Released | Undecided | Unassigned |
Trusty | Fix Released | Undecided | Unassigned |
Utopic | Fix Released | Undecided | Unassigned |
Bug Description
http://
Overview
========
krfb embeds libvncserver, which embeds liblzo2; it contains various flaws
that result in integer overflow problems.
Impact
======
This potentially allows a malicious application to create a possible denial of service or code execution.
Due to the need to exploit precise details of the target architecture and threading,
it is unlikely that remote code execution can be achieved in practice.
CVE References
tags: added: verification-done
Note the CVE is the same as the one for liblzo2, CVE-2014-4607.