CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0011
https://notcve.org/view.php?id=CVE-2014-0011
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering. Múltiples desbordamientos de búfer en la región heap de la memoria en la función ZRLE_DECODE en el archivo common/rfb/zrleDecode.h en TigerVNC versiones anteriores a la versión 1.3.1, cuando NDEBUG está habilitado, permite a servidores VNC remotos causar una denegación de servicio (bloqueo de vncviewer) y posiblemente ejecutar código arbitrario por medio de vectores relacionados con el renderizado de imágenes en pantalla. • https://bugzilla.redhat.com/show_bug.cgi?id=1050928 https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2014-8240 – tigervnc: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
https://notcve.org/view.php?id=CVE-2014-8240
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051. Desbordamiento de enteros en TigerVNC permite a servidores remotos VNC causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores relacionados con el manejo de la pantalla, lo que provoca un desbordamiento de buffer basado en memoria , un fallo similar a CVE-2014-6051. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client. • http://seclists.org/oss-sec/2014/q4/278 http://seclists.org/oss-sec/2014/q4/300 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/70391 https://bugzilla.redhat.com/show_bug.cgi?id=1151307 https://exchange.xforce.ibmcloud.com/vulnerabilities/96947 https://security.gentoo.org/glsa/201612-36 https://access.redhat.com/security/cve/CVE-2014-8240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •