CVE-2014-8240

EUVD-2014-8081
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
tigervnctigervnc
0.0.90
tigervnctigervnc
0.0.91
tigervnctigervnc
1.0.0
tigervnctigervnc
1.0.1
tigervnctigervnc
1.1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tigervnc
bookworm
1.12.0+dfsg-8
fixed
bullseye
1.11.0+dfsg-2+deb11u1
fixed
sid
1.13.1+dfsg-3
fixed
trixie
1.13.1+dfsg-3
fixed
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2014/q4/278
http://seclists.org/oss-sec/2014/q4/300
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/70391
https://bugzilla.redhat.com/show_bug.cgi?id=1151307
https://exchange.xforce.ibmcloud.com/vulnerabilities/96947
https://security.gentoo.org/glsa/201612-36
http://seclists.org/oss-sec/2014/q4/278
http://seclists.org/oss-sec/2014/q4/300
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/70391
https://bugzilla.redhat.com/show_bug.cgi?id=1151307
https://exchange.xforce.ibmcloud.com/vulnerabilities/96947
https://security.gentoo.org/glsa/201612-36