[Pkg-tigervnc-devel] Bug#849478: tigervnc: CVE-2014-8241: NULL pointer dereference flaw in XRegion
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 27 16:04:15 UTC 2016
Source: tigervnc
Version: 1.6.0+dfsg-4
Severity: grave
Tags: security upstream patch
Justification: user security hole
Hi,
the following vulnerability was published for tigervnc.
CVE-2014-8241[0]:
| XRegion in TigerVNC allows remote VNC servers to cause a denial of
| service (NULL pointer dereference) by leveraging failure to check a
| malloc return value, a similar issue to CVE-2014-6052.
The Red Hat bug[1] contains details and a patch[2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8241
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1151312
[2] https://bugzilla.redhat.com/attachment.cgi?id=946490
Regards,
Salvatore
More information about the Pkg-tigervnc-devel
mailing list