Out-of-bounds read in VMware Workstation and VMware Horizon - CVE-2017-4936
Published: November 20, 2017
Vulnerability identifier: #VU9357
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4936
CWE-ID: CWE-125
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware Workstation
VMware Horizon
VMware Workstation
VMware Horizon
Detailed vulnerability description
The vulnerability allows an adjacent attacker to cause DoS condtition on the target system.
The weakness exists due to out-of-bounds memory read error in JPEG2000 parser in the TPView.dll. An adjacent attacker can trigger memory corruption and cause the service to crash.
The weakness exists due to out-of-bounds memory read error in JPEG2000 parser in the TPView.dll. An adjacent attacker can trigger memory corruption and cause the service to crash.
How to mitigate CVE-2017-4936
Update Workstation to version 12.5.8.
Update Horizon View Client for Windows to version 4.6.1.
Update Horizon View Client for Windows to version 4.6.1.