CVE-2017-7393 — Double Free in Tigervnc

CWE-415 — Double Free CWE-416 — Use After Free7 documents6 sources

Severity

8.8HIGHNVD

EPSS

2.1%

top 16.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tigervnc Debian Tigervnc

Timeline

PublishedApr 1

Latest updateMay 14

Description

In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/tigervnc< tigervnc 1.7.0+dfsg-7 (bookworm)

▶Debiantigervnc/tigervnc< 1.7.0+dfsg-7+3

▶NVDtigervnc/tigervnc1.7.1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-6qmp-qcvf-x3pr: In TigerVNC 1↗2022-05-14

▶

OSV

CVE-2017-7393: In TigerVNC 1↗2017-04-01

▶

📋Vendor Advisories

Red Hat

tigervnc: Double free via crafted fences↗2017-03-27

▶

Debian

CVE-2017-7393: tigervnc - In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticat...↗2017

▶

💬Community

Bugzilla

CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396 tigervnc: various flaws [fedora-all]↗2017-04-04

▶

Bugzilla

CVE-2017-7393 tigervnc: Double free via crafted fences↗2017-04-04

▶