CVE-2019-8260

CRITICAL

UltraVNC < 1.2.2.3 - Out-of-bounds Read in VNC Client RRE Decoder

Title source: llm
STIX 2.1

Description

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200.

References (6)

Core 6

Scores

CVSS v3 9.8
EPSS 0.0225
EPSS Percentile 80.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (1)
uvnc/ultravnc < 1.2.2.3
Published Mar 05, 2019
Tracked Since Feb 18, 2026