{"id":"CVE-2017-5581","details":"Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.","modified":"2026-04-11T03:11:41.010179Z","published":"2017-02-28T18:59:00.360Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2000"},{"type":"ADVISORY","url":"https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201702-19"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0630.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95789"},{"type":"FIX","url":"https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba"},{"type":"FIX","url":"https://github.com/TigerVNC/tigervnc/pull/399"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/25/6"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/22/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tigervnc/tigervnc","events":[{"introduced":"0"},{"last_affected":"e25272fc74ef09987ccaa33b9bf1736397c76fdf"},{"fixed":"18c020124ff1b2441f714da2017f63dba50720ba"},{"fixed":"6172cc01dd7d1493064571b341c978e2df7725d7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7"}]}}],"versions":["v0.0.90","v1.1.90","v1.6.90","v1.7.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5581.json","vanir_signatures":[{"id":"CVE-2017-5581-878a012b","source":"https://github.com/tigervnc/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["320101790164385197062604559268187800845","101278105750755272302286523267744065134","227206589302613368134179064545328224606","37954835309596497570085437509597633630","236316441078231686449712981385599688329","21041643315465928557012854915772715854","37876990361878916169243063020416749353","306038676464487774982249623696159748143","53754149427214229100751004005328338512","283238925708460159984547712171272161731","150018598010319204719643123912446757107","148868603770565665332025060610641837345","187474394009359975849262119408290447344","61349885004796822878903945384242010137"]},"signature_type":"Line","deprecated":false,"target":{"file":"common/rfb/PixelBuffer.cxx"}},{"id":"CVE-2017-5581-cb090a90","source":"https://github.com/tigervnc/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba","signature_version":"v1","digest":{"function_hash":"332696160378536359901209007462624368553","length":652},"signature_type":"Function","deprecated":false,"target":{"function":"ModifiablePixelBuffer::fillRect","file":"common/rfb/PixelBuffer.cxx"}}],"vanir_signatures_modified":"2026-04-11T03:11:41Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}