{"id":"MGASA-2014-0173","summary":"Updated tigervnc packages fix CVE-2014-0011","details":"Updated tigervnc packages fix security vulnerability:\n\nA heap-based buffer overflow was found in the way vncviewer rendered certain\nscreen images from a vnc server. If a user could be tricked into connecting\nto a malicious vnc server, it may cause the vncviewer to crash, or could\npossibly execute arbitrary code with the permissions of the user running it.\nThis issue was due to an issue in the ZRLE_DECODE() function which performs\nRLE decoding (CVE-2014-0011).\n","modified":"2026-04-16T06:24:55.983740265Z","published":"2014-04-15T18:25:29Z","upstream":["CVE-2014-0011"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0173.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130495.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13082"}],"affected":[{"package":{"name":"tigervnc","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/tigervnc?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.0-3.2.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0173.json"}},{"package":{"name":"tigervnc","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/tigervnc?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0-2.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0173.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}