{"containers": {"cna": {"affected": [{"product": "TigerVNC", "vendor": "TigerVNC", "versions": [{"status": "affected", "version": "before 1.3.1"}]}], "datePublic": "2014-03-19T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering."}], "problemTypes": [{"descriptions": [{"description": "Buffer Overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-02T19:34:29", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050928"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0011", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TigerVNC", "version": {"version_data": [{"version_value": "before 1.3.1"}]}}]}, "vendor_name": "TigerVNC"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050928", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050928"}, {"name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1", "refsource": "CONFIRM", "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:58:26.465Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050928"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0011", "datePublished": "2020-01-02T19:34:29", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T08:58:26.465Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF817D4F-6B39-4BF9-8B0D-D27576436F6F", "versionEndExcluding": "1.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n ZRLE_DECODE en el archivo common/rfb/zrleDecode.h en TigerVNC versiones anteriores a la versi\u00f3n 1.3.1, cuando NDEBUG est\u00e1 habilitado, permite a servidores VNC remotos causar una denegaci\u00f3n de servicio (bloqueo de vncviewer) y posiblemente ejecutar c\u00f3digo arbitrario por medio de vectores relacionados con el renderizado de im\u00e1genes en pantalla."}], "id": "CVE-2014-0011", "lastModified": "2020-01-14T17:29:27.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-02T20:15:15.943", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050928"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "tigervnc: ZRLE decoding heap-based buffer overflow in vncviewer", "id": "1050928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050928"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-122", "details": ["Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering."], "name": "CVE-2014-0011", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "vnc", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-03-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-0011\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0011"], "statement": "Not vulnerable. This issue did not affect the tigervnc packages as shipped with Red Hat Enterprise Linux 6, and the vnc packages as shipped with Red Hat Enterprise Linux 5.", "threat_severity": "Moderate", "upstream_fix": "tigervnc 1.3.1"}