Martin Sandsmark reports:
krfb 4.14 [and earlier] embeds libvncserver which has had
several security issues.
Several remotely exploitable security issues have been
uncovered in libvncserver, some of which might allow a
remote authenticated user code execution or application
crashes.