FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krfb -- Possible Denial of Service or code execution via integer overflow

Affected packages
krfb < 4.12.5_1

Details

VuXML ID be5421ab-1b56-11e4-a767-5453ed2e2b49
Discovery 2014-08-03
Entry 2014-08-03

Albert Astals Cid reports:

krfb embeds libvncserver, which embeds liblzo2; it contains various flaws that result in integer overflow problems.

This potentially allows a malicious application to create a possible denial of service or code execution. Due to the need to exploit precise details of the target architecture and threading, it is unlikely that remote code execution can be achieved in practice.

References

CVE Name CVE-2014-4607
Message http://lists.kde.org/?l=kde-announce&m=140709940701878&w=2