CVE-2014-8240
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
16/10/2014
Last modified:
12/04/2025
Description
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:tigervnc:tigervnc:0.0.90:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tigervnc:tigervnc:0.0.91:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tigervnc:tigervnc:1.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tigervnc:tigervnc:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tigervnc:tigervnc:1.1.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/oss-sec/2014/q4/278
- http://seclists.org/oss-sec/2014/q4/300
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/70391
- https://bugzilla.redhat.com/show_bug.cgi?id=1151307
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96947
- https://security.gentoo.org/glsa/201612-36
- http://seclists.org/oss-sec/2014/q4/278
- http://seclists.org/oss-sec/2014/q4/300
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/70391
- https://bugzilla.redhat.com/show_bug.cgi?id=1151307
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96947
- https://security.gentoo.org/glsa/201612-36