FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libvncserver -- multiple security vulnerabilities

Affected packages
libvncserver < 0.9.10

Details

VuXML ID: cb3f036d-8c7f-11e6-924a-60a44ce6887b
Discovery: 2014-09-23
Entry: 2016-10-11
Modified: 2016-10-18

Nicolas Ruff reports:

Integer overflow in MallocFrameBuffer() on client side.

Lack of malloc() return value checking on client side.

Server crash on a very large ClientCutText message.

Server crash when scaling factor is set to zero.

Multiple stack overflows in File Transfer feature.

References

CVE Name: CVE-2014-6051
CVE Name: CVE-2014-6052
CVE Name: CVE-2014-6053
CVE Name: CVE-2014-6054
CVE Name: CVE-2014-6055
FreeBSD PR: ports/212380
URL: http://seclists.org/oss-sec/2014/q3/639