[Secure-testing-team] Bug#849479: tigervnc: CVE-2014-8240: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 27 16:20:18 UTC 2016
Source: tigervnc
Version: 1.6.0+dfsg-4
Severity: grave
Tags: security patch upstream
Justification: user security hole
Hi,
the following vulnerability was published for tigervnc.
CVE-2014-8240[0]:
| Integer overflow in TigerVNC allows remote VNC servers to cause a
| denial of service (crash) and possibly execute arbitrary code via
| vectors related to screen size handling, which triggers a heap-based
| buffer overflow, a similar issue to CVE-2014-6051.
More details are in the Red Hat bug[1] which includes a patch[2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8240
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1151307
[2] https://bugzilla.redhat.com/attachment.cgi?id=947578
Regards,
Salvatore
More information about the Secure-testing-team
mailing list