CVE-2011-0904 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-0904 Interim 1 23 2025-03-25T01:59:36Z current 2021-05-30T12:56:30Z 2025-03-25T01:59:36Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-0904 The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LELHDVK3NB65FNSKEM3ZI6U2R5NOGDN3/#LELHDVK3NB65FNSKEM3ZI6U2R5NOGDN3 E-Mail link for SUSE-SR:2011:009 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 openSUSE Tumbleweed vino-2.28.1-2.3.1 vino-3.10.1-1.86 vino-3.20.2-5.8 vino-3.22.0-1.1 vino-3.22.0-1.62 vino-3.22.0-3.3.1 vino-lang-2.28.1-2.3.1 vino-lang-3.10.1-1.86 vino-lang-3.20.2-5.8 vino-lang-3.22.0-1.1 vino-lang-3.22.0-1.62 vino-lang-3.22.0-3.3.1 vino-3.10.1-1.86 as a component of SUSE Linux Enterprise Desktop 12 vino-lang-3.10.1-1.86 as a component of SUSE Linux Enterprise Desktop 12 vino-3.10.1-1.86 as a component of SUSE Linux Enterprise Desktop 12 SP1 vino-lang-3.10.1-1.86 as a component of SUSE Linux Enterprise Desktop 12 SP1 vino-3.20.2-5.8 as a component of SUSE Linux Enterprise Desktop 12 SP2 vino-lang-3.20.2-5.8 as a component of SUSE Linux Enterprise Desktop 12 SP2 vino-3.20.2-5.8 as a component of SUSE Linux Enterprise Desktop 12 SP3 vino-lang-3.20.2-5.8 as a component of SUSE Linux Enterprise Desktop 12 SP3 vino-3.20.2-5.8 as a component of SUSE Linux Enterprise Desktop 12 SP4 vino-lang-3.20.2-5.8 as a component of SUSE Linux Enterprise Desktop 12 SP4 vino-3.20.2-5.8 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 vino-lang-3.20.2-5.8 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 vino-3.22.0-1.62 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 vino-lang-3.22.0-1.62 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 vino-3.22.0-3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 vino-lang-3.22.0-3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 vino-2.28.1-2.3.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA vino-lang-2.28.1-2.3.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA vino-3.10.1-1.86 as a component of SUSE Linux Enterprise Server 12 vino-lang-3.10.1-1.86 as a component of SUSE Linux Enterprise Server 12 vino-3.10.1-1.86 as a component of SUSE Linux Enterprise Server 12 SP1 vino-lang-3.10.1-1.86 as a component of SUSE Linux Enterprise Server 12 SP1 vino-3.20.2-5.8 as a component of SUSE Linux Enterprise Server 12 SP2 vino-lang-3.20.2-5.8 as a component of SUSE Linux Enterprise Server 12 SP2 vino-3.20.2-5.8 as a component of SUSE Linux Enterprise Server 12 SP3 vino-lang-3.20.2-5.8 as a component of SUSE Linux Enterprise Server 12 SP3 vino-3.20.2-5.8 as a component of SUSE Linux Enterprise Server 12 SP4 vino-lang-3.20.2-5.8 as a component of SUSE Linux Enterprise Server 12 SP4 vino-3.20.2-5.8 as a component of SUSE Linux Enterprise Server 12 SP5 vino-lang-3.20.2-5.8 as a component of SUSE Linux Enterprise Server 12 SP5 vino-3.20.2-5.8 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 vino-lang-3.20.2-5.8 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 vino-3.20.2-5.8 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 vino-lang-3.20.2-5.8 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 vino-3.22.0-1.1 as a component of openSUSE Tumbleweed vino-lang-3.22.0-1.1 as a component of openSUSE Tumbleweed The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions. CVE-2011-0904 SUSE Linux Enterprise Desktop 12:vino-3.10.1-1.86 SUSE Linux Enterprise Desktop 12:vino-lang-3.10.1-1.86 SUSE Linux Enterprise Desktop 12 SP1:vino-3.10.1-1.86 SUSE Linux Enterprise Desktop 12 SP1:vino-lang-3.10.1-1.86 SUSE Linux Enterprise Desktop 12 SP2:vino-3.20.2-5.8 SUSE Linux Enterprise Desktop 12 SP2:vino-lang-3.20.2-5.8 SUSE Linux Enterprise Desktop 12 SP3:vino-3.20.2-5.8 SUSE Linux Enterprise Desktop 12 SP3:vino-lang-3.20.2-5.8 SUSE Linux Enterprise Desktop 12 SP4:vino-3.20.2-5.8 SUSE Linux Enterprise Desktop 12 SP4:vino-lang-3.20.2-5.8 SUSE Linux Enterprise High Performance Computing 12 SP5:vino-3.20.2-5.8 SUSE Linux Enterprise High Performance Computing 12 SP5:vino-lang-3.20.2-5.8 SUSE Linux Enterprise Module for Desktop Applications 15:vino-3.22.0-1.62 SUSE Linux Enterprise Module for Desktop Applications 15:vino-lang-3.22.0-1.62 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:vino-3.22.0-3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:vino-lang-3.22.0-3.3.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:vino-2.28.1-2.3.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:vino-lang-2.28.1-2.3.1 SUSE Linux Enterprise Server 12:vino-3.10.1-1.86 SUSE Linux Enterprise Server 12:vino-lang-3.10.1-1.86 SUSE Linux Enterprise Server 12 SP1:vino-3.10.1-1.86 SUSE Linux Enterprise Server 12 SP1:vino-lang-3.10.1-1.86 SUSE Linux Enterprise Server 12 SP2:vino-3.20.2-5.8 SUSE Linux Enterprise Server 12 SP2:vino-lang-3.20.2-5.8 SUSE Linux Enterprise Server 12 SP3:vino-3.20.2-5.8 SUSE Linux Enterprise Server 12 SP3:vino-lang-3.20.2-5.8 SUSE Linux Enterprise Server 12 SP4:vino-3.20.2-5.8 SUSE Linux Enterprise Server 12 SP4:vino-lang-3.20.2-5.8 SUSE Linux Enterprise Server 12 SP5:vino-3.20.2-5.8 SUSE Linux Enterprise Server 12 SP5:vino-lang-3.20.2-5.8 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:vino-3.20.2-5.8 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:vino-lang-3.20.2-5.8 SUSE Linux Enterprise Server for SAP Applications 12 SP5:vino-3.20.2-5.8 SUSE Linux Enterprise Server for SAP Applications 12 SP5:vino-lang-3.20.2-5.8 openSUSE Tumbleweed:vino-3.22.0-1.1 openSUSE Tumbleweed:vino-lang-3.22.0-1.1 important 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P