Fluid Attacks Database

Description

Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	tigervnc	>=0 <1.7.0-1	1.7.0-1
debian 12	tigervnc	>=0 <1.7.0-1	1.7.0-1
rpm rhel6	tigervnc	-	-
debian 13	tigervnc	>=0 <1.7.0-1	1.7.0-1
rpm rhel7	tigervnc	<0:1.3.1-3.el7	0:1.3.1-3.el7
debian 11	tigervnc	>=0 <1.7.0-1	1.7.0-1
rpm rhel5	vnc	-	-

Aliases

1. CVE-2014-82402. NVD-2014-82403. OSV-DEBIAN-2014-82404. OSV-2014-82405. SECURITY-TRACKER-CVE-2014-8240

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.