CVE-2014-8240
EPSS 0.84%
Description
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
How to fix CVE-2014-8240
To remediate CVE-2014-8240, upgrade the affected package to the fixed version listed below.
- Debian/tigervnc—upgrade to 1.7.0-1 or later
Is CVE-2014-8240 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/tigervnc: versions from 0 up to, but not including, 1.7.0-1