CVE-2014-8241

CWE-476 — NULL Pointer Dereference7 documents7 sources

Severity

9.8CRITICAL

EPSS

0.7%

top 28.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux Desktop Redhat Enterprise Linux HPC Node Redhat Enterprise Linux Server +1 more

Timeline

PublishedDec 14

Latest updateMay 17

Description

XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶Debiantigervnc< 1.7.0-2+3

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_hpc_node7.0

▶NVDredhat/enterprise_linux_workstation7.0

🔴Vulnerability Details

GHSA

GHSA-gq2g-qwmw-m5q3: XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return v↗2022-05-17

▶

OSV

CVE-2014-8241: XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return v↗2016-12-14

▶

CVEList

CVE-2014-8241: XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return v↗2016-12-14

▶

📋Vendor Advisories

Red Hat

tigervnc: NULL pointer dereference flaw in XRegion↗2014-10-10

▶

Debian

CVE-2014-8241: tigervnc - XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL...↗2014

▶

💬Community

Bugzilla

CVE-2014-8241 tigervnc: NULL pointer dereference flaw in XRegion↗2014-10-10

▶