A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. Reference: http://www.openwall.com/lists/oss-security/2014/09/23/6 This libVNCServer flaw was assigned CVE-2014-6053. A similar flaw was found in RealVNC server which has been assigned CVE-2010-5304.
https://packetstormsecurity.com/files/89160/RealVNC-VNC-Server-Free-Edition-4.1.3-Denial-Of-Service.html contains instructions for reproducing this flaw.
External References: https://packetstormsecurity.com/files/89160/RealVNC-VNC-Server-Free-Edition-4.1.3-Denial-Of-Service.html
Statement: This flaw is in RealVNC shipped with Red Hat Enterprise Linux 5. A similar flaw was also found in LibVNCServer and was assigned CVE-2014-6053
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2010-5304