Description
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
References (8)
Core 8
Core References
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1151307
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q4/278
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201612-36
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/96947
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70391
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q4/300
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Scores
EPSS
0.0355
EPSS Percentile
87.9%
Details
CWE
CWE-119
Status
published
Products (5)
tigervnc/tigervnc
0.0.90
tigervnc/tigervnc
0.0.91
tigervnc/tigervnc
1.0.0
tigervnc/tigervnc
1.0.1
tigervnc/tigervnc
1.1.0
Published
Oct 16, 2014
Tracked Since
Feb 18, 2026