漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb
Vulnerability Description
A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
GStreamer 缓冲区错误漏洞
Vulnerability Description
GStreamer是GStreamer组织开源的一套用于处理流媒体的框架。 GStreamer存在缓冲区错误漏洞,该漏洞源于矩形边界检查错误验证区域而非单个维度,可能导致恶意VNC服务器发送超出帧缓冲区的矩形,造成堆越界写入,从而导致代码执行或崩溃。
CVSS Information
N/A
Vulnerability Type
N/A