705adbaf9a
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| 0001-CMakeLists.txt-fix-build-without-C.patch | ||
| 0002-libvnc-client-server-.pc.cmakein-remove-zlib.patch | ||
| 0003-Limit-lenght-to-INT_MAX-bytes-in-rfbProcessFileTransferReadBuffer.patch | ||
| 0004-rfbserver-don-t-leak-stack-memory-to-the-remote.patch | ||
| 0005-CMakeLists.txt-don-t-build-tight.c-without-png-or-zl.patch | ||
| 0006-libvncclient-cursor-limit-width-height-input-values.patch | ||
| Config.in | ||
| libvncserver.hash | ||
| libvncserver.mk | ||