libvncserver -- multiple security vulnerabilities

2014-09-23T00:00:00
ID CB3F036D-8C7F-11E6-924A-60A44CE6887B
Type freebsd
Reporter FreeBSD
Modified 2016-10-18T00:00:00

Description

Nicolas Ruff reports:

Integer overflow in MallocFrameBuffer() on client side. Lack of malloc() return value checking on client side. Server crash on a very large ClientCutText message. Server crash when scaling factor is set to zero. Multiple stack overflows in File Transfer feature.