From: Christian Beier Date: Sun, 21 Oct 2018 20:21:30 +0200 Subject: LibVNCServer: fix heap out-of-bound write access Origin: https://github.com/LibVNC/libvncserver/commit/502821828ed00b4a2c4bef90683d0fd88ce495de Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-15127 Bug-Debian: https://bugs.debian.org/916941 Bug: https://github.com/LibVNC/libvncserver/issues/243 Closes #243 --- libvncserver/rfbserver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/libvncserver/rfbserver.c +++ b/libvncserver/rfbserver.c @@ -1466,7 +1466,7 @@ rfbLog("rfbProcessFileTransferReadBuffer(%dlen)\n", length); */ if (length>0) { - buffer=malloc(length+1); + buffer=malloc((uint64_t)length+1); if (buffer!=NULL) { if ((n = rfbReadExact(cl, (char *)buffer, length)) <= 0) { if (n != 0)