libvncserver -- multiple security vulnerabilities

ID CB3F036D-8C7F-11E6-924A-60A44CE6887B
Type freebsd
Reporter FreeBSD
Modified 2016-10-18T00:00:00


Nicolas Ruff reports:

Integer overflow in MallocFrameBuffer() on client side. Lack of malloc() return value checking on client side. Server crash on a very large ClientCutText message. Server crash when scaling factor is set to zero. Multiple stack overflows in File Transfer feature.