Description
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer.
Published: 2026-03-22
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch immediately
AI Analysis

Impact

A buffer overflow occurs in UltraVNC Viewer 1.2.2.4 when a user supplies an oversized string to the VNC Server input field. The accidental or malicious input of 256 repeated characters causes the application to crash, terminating the viewer and denying service to legitimate users. The vulnerability arises from improper bounds checking of user-supplied data, a classic memory corruption weakness.

Affected Systems

The vulnerability affects the UltraVNC Viewer product from UVNC, specifically version 1.2.2.4. No other versions or products are listed as affected.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity impact on availability. Although explicit exploit probability is not provided, the logic of the bug suggests that any user running the viewer can trigger the crash by simply entering a long string and clicking Connect. The lack of a CISA KEV listing and no known formal exploit in public exploits implies that the risk of exploitation is moderate, but the potential disruption to user sessions is significant. If unpatched, unattended systems may experience repeated crashes during normal operation or through social‑engineering attempts to insert the malicious string.

Generated by OpenCVE AI on March 22, 2026 at 14:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update UltraVNC Viewer to the latest available version or apply a vendor patch that fixes the buffer overflow.
  • If an update is not immediately possible, restrict or disable the VNC Server input field to prevent entry of long strings beyond a safe length.
  • Verify that no other applications on the system can invoke a vulnerable instance of UltraVNC Viewer.

Generated by OpenCVE AI on March 22, 2026 at 14:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Uvnc
Uvnc ultravnc Viewer
Vendors & Products Uvnc
Uvnc ultravnc Viewer

Sun, 22 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer.
Title UltraVNC Viewer 1.2.2.4 Denial of Service via Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Uvnc Ultravnc Viewer
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T15:14:43.698Z

Reserved: 2026-03-22T12:59:37.342Z

Link: CVE-2019-25600

cve-icon Vulnrichment

Updated: 2026-03-24T14:09:30.439Z

cve-icon NVD

Status : Deferred

Published: 2026-03-22T14:16:27.343

Modified: 2026-04-16T16:19:50.757

Link: CVE-2019-25600

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:46:16Z

Weaknesses