1 files changed, 18 insertions, 0 deletions

diff --git a/pkgs/tools/admin/tightvnc/1.3.10-CVE-2019-15678.patch b/pkgs/tools/admin/tightvnc/1.3.10-CVE-2019-15678.patch
new file mode 100644
index 00000000000..cd65d2fb5dd
--- /dev/null
+++ b/pkgs/tools/admin/tightvnc/1.3.10-CVE-2019-15678.patch
@@ -0,0 +1,18 @@
+Adapted from https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
+diff --git a/vncviewer/rfbproto.c b/vncviewer/rfbproto.c
+index 04b0230..47a6863 100644
+--- a/vncviewer/rfbproto.c
++++ b/vncviewer/rfbproto.c
+@@ -1217,6 +1217,12 @@ HandleRFBServerMessage()
+     if (serverCutText)
+       free(serverCutText);
+ 
++    if (msg.sct.length > 1<<20) {
++      fprintf(stderr,"Ignoring too big cut text length sent by server: %u B > 1 MB\n",
++              (unsigned int)msg.sct.length);
++      return False;
++    }
++
+     serverCutText = malloc(msg.sct.length+1);
+ 
+     if (!ReadFromRFBServer(serverCutText, msg.sct.length))