What is CVE-2017-4936?

CVE-2017-4936 is a high-severity vulnerability in Vmware Horizon_view, classified under Out-of-bounds Read. CVSS score: 7.8/10. Published 2017-11-17.

How severe is CVE-2017-4936?

High severity. CVSS v3 base score is 7.8 out of 10.

Out-of-bounds Read in Vmware Horizon_view

CVE-2017-4936

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perf…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (17.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Vmware Horizon_view — versions 4.0.0, 4.0.1, 4.1
Vmware Horizon View Client For Windows — versions 4.x before 4.6.1
Vmware Workstation — versions 12.5, 12.0.0, 12.5.7

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

security@vmware.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
security@vmware.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
security@vmware.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security@vmware.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2017-4936?: CVE-2017-4936 is a high-severity vulnerability in Vmware Horizon_view, classified under Out-of-bounds Read. CVSS score: 7.8/10. Published 2017-11-17.
How severe is CVE-2017-4936?: High severity. CVSS v3 base score is 7.8 out of 10.