| CVE-2017-1000044 | Cri | 0.64 | 9.8 | 0.02 | | Jul 17, 2017 | gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering |
| CVE-2017-5885 | Cri | 0.64 | 9.8 | 0.01 | | Feb 28, 2017 | Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. |
| CVE-2017-5884 | Hig | 0.51 | 7.8 | 0.00 | | Feb 28, 2017 | gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. |
