On Mo, 2014-10-27 at 12:41 +0100, Petr Matousek wrote:
> bits_per_pixel that are less than 8 could result in accessing
> non-initialized buffers later in the code due to the expectation
> that bytes_per_pixel value that is used to initialize these buffers is
> never zero.
>
> To fix this check that bits_per_pixel from the client is one of the
> values that the rfb protocol specification allows.
>
> This is CVE-2014-7815.
>
> Signed-off-by: Petr Matousek <pmato...@redhat.com>

applied minor codestyle fix & added to vnc patch queue.

thanks,
  Gerd
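
The check described in the quoted commit message, as an added example that is not part of the original thread and is not QEMU's code: a SetPixelFormat parser that rejects any bits-per-pixel outside the values RFC 6143 allows (8, 16, 32), so bytes_per_pixel can never be zero. The struct, function names and sample messages are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type for this example; not QEMU's own structure. */
struct pixel_format {
    uint8_t bits_per_pixel;
    uint8_t bytes_per_pixel;
    uint8_t depth;
};

/* RFC 6143 (RFB) PIXEL_FORMAT: bits-per-pixel must be 8, 16 or 32. */
static int bpp_is_valid(uint8_t bpp)
{
    return bpp == 8 || bpp == 16 || bpp == 32;
}

/*
 * Parse a 20-byte SetPixelFormat message: type 0, 3 padding bytes, then
 * the 16-byte PIXEL_FORMAT. Returns 0 on success; on -1 *out is untouched.
 */
int parse_set_pixel_format(const uint8_t *msg, size_t len,
                           struct pixel_format *out)
{
    if (len < 20 || msg[0] != 0) {
        return -1;
    }
    uint8_t bpp = msg[4];
    if (!bpp_is_valid(bpp)) {
        return -1;  /* e.g. bpp 4 would give bytes_per_pixel = 4 / 8 = 0 */
    }
    out->bits_per_pixel = bpp;
    out->bytes_per_pixel = bpp / 8;  /* guaranteed to be 1, 2 or 4 here */
    out->depth = msg[5];
    return 0;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t sample_ok[20]  = { 0, 0, 0, 0, 32, 24, 0, 1,
    0, 255, 0, 255, 0, 255, 16, 8, 0, 0, 0, 0 };
static const uint8_t sample_bad[20] = { 0, 0, 0, 0, 4, 4, 0, 1 };

int main(void)
{
    struct pixel_format pf = { 0, 0, 0 };
    int ok  = parse_set_pixel_format(sample_ok, sizeof sample_ok, &pf);
    int bad = parse_set_pixel_format(sample_bad, sizeof sample_bad, &pf);
    printf("bpp=32 -> %d (bytes=%d), bpp=4 -> %d\n", ok, pf.bytes_per_pixel, bad);
    return !(ok == 0 && bad == -1);
}
```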