
Cloud Vulnerability DB
A community-led vulnerabilities database
RealVNC Viewer 6.21.406 contains a denial of service vulnerability that allows remote VNC servers to cause an application crash via crafted RFB protocol data. The vulnerability was discovered and disclosed in September 2021. This issue has been disputed as it requires social engineering to trick a user into connecting to a malicious VNC server (MITRE).
When a user connects to a malicious VNC server, specially crafted RFB (Remote Framebuffer) protocol data can cause the VNC Viewer application to hang until terminated. The application remains in a hung state, but no memory leak occurs: resource usage remains constant during the hang, and the resources are freed once the hung process is terminated. Only the specific process connected to the malicious server is affected (NVD).
The impact is limited to a denial of service condition affecting only the specific VNC Viewer process connected to the malicious server. When exploited, it causes the application to hang and become unresponsive, requiring manual termination of the process. No permanent system damage or memory leaks occur (NVD).
Since this is considered an application bug rather than a security vulnerability, no official patches have been released. Users should be cautious when connecting to untrusted VNC servers. If the application becomes unresponsive, the affected process can be terminated manually without any lasting impact (NVD).
Source: This report was generated using AI