Buffer Overflow in tvnviewer.exe via Crafted Packet in TightVNC Viewer 2.8.59

CVE ID

CVE-2021-42785

Description

A buffer overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.

Tested Versions

TightVNC Viewer <= 2.8.59

Details

TightVNC is a free and open-source remote desktop software server and client application for Linux and Windows.

When the viewer parses a specially crafted FramebufferUpdate packet, a remote attacker can execute code on the viewer machine. The cause is a buffer overrun in the ZRLE decoder: a modified runLength in the ZRLE decoding routine leads to an overly large memcpy into a limited buffer.
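
The missing check can be shown with a small bounds-checked decoder for one ZRLE plain-RLE tile. This is an added example, not TightVNC's code or the vendor's patch: it follows the run-length layout in RFC 6143, and the function name, the 3-byte CPIXEL size and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define ZRLE_TILE_MAX (64 * 64)   /* RFC 6143: a ZRLE tile is at most 64x64 pixels */

/* Hypothetical helper: decode one plain-RLE tile (3-byte CPIXEL followed by a
 * run length) into out[0..npix). Returns the number of input bytes consumed,
 * or -1 if the input is truncated or a run would write past the tile. */
long zrle_decode_rle_tile(const uint8_t *in, size_t in_len,
                          uint32_t *out, size_t npix)
{
    size_t pos = 0, filled = 0;

    if (npix == 0 || npix > ZRLE_TILE_MAX)
        return -1;

    while (filled < npix) {
        if (in_len - pos < 3)                 /* need a complete CPIXEL */
            return -1;
        uint32_t px = (uint32_t)in[pos]
                    | ((uint32_t)in[pos + 1] << 8)
                    | ((uint32_t)in[pos + 2] << 16);
        pos += 3;

        /* Run length = 1 + sum of bytes; a byte other than 255 ends the sum. */
        size_t run = 1;
        uint8_t b;
        do {
            if (pos >= in_len)                /* length bytes ran out */
                return -1;
            b = in[pos++];
            run += b;
            if (run > npix - filled)          /* reject before any pixel is written */
                return -1;
        } while (b == 255);

        for (size_t i = 0; i < run; i++)
            out[filled + i] = px;
        filled += run;
    }
    return (long)pos;
}
```

The run length is compared against the pixels still free in the tile while it is being accumulated, so a server-supplied length is never used as a copy size until it is known to fit.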

Timeline

  • 2021-07-23 - Vendor Disclosure
  • 2021-09-29 - Vendor Patched
  • 2021-11-09 - Public Release

Credit

Discovered by Eugene Lim from the Government Technology Agency of Singapore.