CVE-2008-4770

NameCVE-2008-4770
DescriptionThe CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1716-1
Debian Bugs513531

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vnc4 (PTS)jessie4.1.1+X4.3.0-37.6fixed
buster, stretch4.1.1+X4.3.0+t-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
vnc4sourceetch4.1.1+X4.3.0-21+etch1DSA-1716-1
vnc4source(unstable)4.1.1+X4.3.0-31medium513531

Search for package or bug name: Reporting problems