CVE-2014-8240 Information

Description

Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling which triggers a heap-based buffer overflow a similar issue to CVE-2014-6051.

Reference

http://seclists.org/oss-sec/2014/q4/278 http://seclists.org/oss-sec/2014/q4/300 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/70391 https://bugzilla.redhat.com/show_bug.cgi?id=1151307 https://exchange.xforce.ibmcloud.com/vulnerabilities/96947 https://security.gentoo.org/glsa/201612-36