Vulnerability DatabaseCVE-2009-0388

CVE-2009-0388:
TightVNC vulnerability analysis and mitigation

Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.

Source: NVD

Related TightVNC vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2021-42785	CRITICAL	9.8	NixOS	cpe:2.3:a:tightvnc:tightvnc	No	Yes	Nov 23, 2021
CVE-2019-8287	CRITICAL	9.8	NixOS	cpe:2.3:a:tightvnc:tightvnc	No	Yes	Oct 29, 2019
CVE-2024-42049	CRITICAL	9.1	TightVNC	cpe:2.3:a:tightvnc:tightvnc	No	Yes	Jul 28, 2024
CVE-2023-27830	CRITICAL	9	NixOS	tightvnc	No	Yes	Apr 12, 2023
CVE-2019-15680	HIGH	7.5	NixOS	libvncserver	No	Yes	Oct 29, 2019