Description
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.
References (6)
Mailing List, Third Party Advisory x_refsource_misc
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140219.html
Mailing List, Third Party Advisory x_refsource_misc
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139814.html
Mailing List, Third Party Advisory x_refsource_misc
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html
Mailing List, Third Party Advisory x_refsource_misc
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/oss-sec/2014/q3/639
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2014/09/23/6
Scores
CVSS v3
7.5
EPSS
0.0312
EPSS Percentile
86.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (4)
fedoraproject/fedora
19
fedoraproject/fedora
20
fedoraproject/fedora
21
libvncserver_project/libvncserver
< 0.9.9
Published
Feb 05, 2020
Tracked Since
Feb 18, 2026