FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libvncserver -- multiple security vulnerabilities

Affected packages
libvncserver < 0.9.10


VuXML ID cb3f036d-8c7f-11e6-924a-60a44ce6887b
Discovery 2014-09-23
Entry 2016-10-11
Modified 2016-10-18

Nicolas Ruff reports:

Integer overflow in MallocFrameBuffer() on client side.

Lack of malloc() return value checking on client side.

Server crash on a very large ClientCutText message.

Server crash when scaling factor is set to zero.

Multiple stack overflows in File Transfer feature.


CVE Name CVE-2014-6051
CVE Name CVE-2014-6052
CVE Name CVE-2014-6053
CVE Name CVE-2014-6054
CVE Name CVE-2014-6055
FreeBSD PR ports/212380