Description
It was discovered that there were two vulnerabilities in libvncserver, a
library to create/embed a VNC server:
A heap-based buffer overflow that allows remote servers to cause a
denial of service via a crafted FramebufferUpdate message containing a
subrectangle outside of the drawing area (CVE-2016-9941).
A heap-based buffer overflow that allow remote servers to cause a denial
of service via a crafted FramebufferUpdate message with the "Ultra" type
tile such that the LZO decompressed payload exceeds the size of the tile
dimensions (CVE-2016-9942).