CVE-2014-8240Integer Overflow or Wraparound in Tigervnc

CWE-190Integer Overflow or WraparoundCWE-122Heap-based Buffer OverflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
7.5HIGHNVD
EPSS
1.1%
top 21.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
TigervncDebian Tigervnc
Timeline
PublishedOct 16
Latest updateMay 17

Description

Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/tigervnc< tigervnc 1.7.0-1 (bookworm)
Debiantigervnc/tigervnc< 1.7.0-1+3
NVDtigervnc/tigervnc5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-5qgx-8v4m-83gf: Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to2022-05-17
OSV
CVE-2014-8240: Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to2014-10-16

📋Vendor Advisories

2
Red Hat
tigervnc: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling2014-10-10
Debian
CVE-2014-8240: tigervnc - Integer overflow in TigerVNC allows remote VNC servers to cause a denial of serv...2014

💬Community

1
Bugzilla
CVE-2014-8240 tigervnc: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling2014-10-10
CVE-2014-8240 — Integer Overflow or Wraparound | cvebase