This issue was discovered by Tim Waugh of Red Hat. Tigervnc is affected by the same thing as in CVE-2014-6052. A NULL pointer dereference flaw was reported in tigervnc. A malicious VNC server could use this flaw to cause a client to crash.
Created attachment 946490
tigervnc-CVE-2014-8241.patch (proposed RHEL-7.1 patch)
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2233 https://rhn.redhat.com/errata/RHSA-2015-2233.html
This issue affects the version of tigervnc as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.
Would it be possible to make the patch as applied in Red Hat public?