CVE-2017-4936

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 82.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Horizon View Client FOR Windows Vmware Workstation Vmware Horizon View

Timeline

PublishedNov 17

Latest updateMay 17

Description

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5vmware/horizon_view_client_for_windows4.x before 4.6.1

▶NVDvmware/horizon_view8 versions+7

▶CVEListV5vmware/workstation12.x before 12.5.8

▶NVDvmware/workstation12 versions+11

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-gvx8-5rvg-hjxw: VMware Workstation (12↗2022-05-17

▶

CVEList

CVE-2017-4936: VMware Workstation (12↗2017-11-17

▶

💬Community

Bugzilla

CVE-2017-2638 infinispan: auth bypass in REST api↗2017-03-02

▶