CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0011 – Gentoo Linux Security Advisory 201411-03
https://notcve.org/view.php?id=CVE-2014-0011
06 Nov 2014 — Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering. Múltiples desbordamientos de búfer en la región heap de la memoria en la función ZRLE_DECODE en el archivo common/rfb/zrleDecode.h en TigerVNC versiones anteriores a la versión 1.3.1, cuando NDEBUG está habilitado, ... • https://bugzilla.redhat.com/show_bug.cgi?id=1050928 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2014-8240 – tigervnc: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
https://notcve.org/view.php?id=CVE-2014-8240
16 Oct 2014 — Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051. Desbordamiento de enteros en TigerVNC permite a servidores remotos VNC causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores relacionados con el manejo de la pantalla, lo que provoca un desbordamiento de buffe... • http://seclists.org/oss-sec/2014/q4/278 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •