libvncserver is vulnerable to denial of service (DoS) attacks. An integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html
lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html
lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
rhn.redhat.com/errata/RHSA-2015-0113.html
seclists.org/oss-sec/2014/q3/639
secunia.com/advisories/61506
www.debian.org/security/2014/dsa-3081
www.ocert.org/advisories/ocert-2014-007.html
www.openwall.com/lists/oss-security/2014/09/25/11
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.securityfocus.com/bid/70093
access.redhat.com/security/updates/classification/#moderate
github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
lists.debian.org/debian-lts-announce/2019/10/msg00042.html
rhn.redhat.com/errata/RHSA-2014-1826.html
security.gentoo.org/glsa/201507-07
security.gentoo.org/glsa/201612-36
usn.ubuntu.com/4587-1/
www.kde.org/info/security/advisory-20140923-1.txt
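
The class of bug described above, a framebuffer size computed from server-advertised dimensions, shown as an added example that is not LibVNCServer's code or its patch. The function names, the 32-bit model of the unchecked arithmetic, the sample geometry, and the 256 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on a client framebuffer; pick a value that suits the viewer. */
#define FB_MAX_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked pattern, modelled in 32-bit unsigned arithmetic: the product
 * wraps modulo 2^32, so a large advertised screen yields a small byte count. */
static uint32_t fb_size_unchecked(uint16_t width, uint16_t height, uint8_t bpp)
{
    return (uint32_t)width * (uint32_t)height * (uint32_t)bpp / 8;
}

/* Checked pattern: returns the byte count, or 0 if the geometry is rejected
 * (zero dimension, bpp not a whole number of bytes, or size above the cap). */
static size_t fb_size_checked(uint16_t width, uint16_t height, uint8_t bpp)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp % 8 != 0)
        return 0;
    /* 16-bit x 16-bit x (bpp / 8) always fits in 64 bits, so this cannot wrap. */
    uint64_t bytes = (uint64_t)width * height * (uint64_t)(bpp / 8);
    if (bytes > FB_MAX_BYTES)
        return 0;
    return (size_t)bytes;
}

/* Allocate a framebuffer for server-advertised geometry; NULL means rejected. */
static void *fb_alloc(uint16_t width, uint16_t height, uint8_t bpp)
{
    size_t n = fb_size_checked(width, height, bpp);
    return n ? malloc(n) : NULL;
}

int main(void)
{
    /* Constructed sample geometry: 32768 x 32768 at 32 bpp needs 4 GiB. */
    printf("unchecked: %u bytes\n", (unsigned)fb_size_unchecked(32768, 32768, 32));
    printf("checked:   %zu bytes\n", fb_size_checked(32768, 32768, 32));
    void *fb = fb_alloc(1024, 768, 32);
    printf("1024x768x32 allocation %s\n", fb ? "ok" : "rejected");
    free(fb);
    return 0;
}
```

The unchecked size for the sample geometry wraps to 0, so later pixel writes sized by the advertised width and height would land outside the allocation; the checked path rejects the geometry before any allocation happens.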