{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25600", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-22T12:59:37.342Z", "datePublished": "2026-03-22T13:38:36.517Z", "dateUpdated": "2026-03-24T15:14:43.698Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:36.517Z"}, "datePublic": "2019-04-14T00:00:00.000Z", "title": "UltraVNC Viewer 1.2.2.4 Denial of Service via Buffer Overflow", "descriptions": [{"lang": "en", "value": "UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Uvnc", "product": "UltraVNC Viewer", "versions": [{"version": "1.2.2.4", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46702", "name": "ExploitDB-46702", "tags": ["exploit"]}, {"url": "https://www.uvnc.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: UltraVNC Viewer 1.2.2.4 Denial of Service via Buffer Overflow", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/ultravnc-viewer-denial-of-service-via-buffer-overflow"}], "credits": [{"lang": "en", "value": "Victor Mondrag\u00f3n", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:09:29.459873Z", "id": "CVE-2019-25600", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:14:43.698Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25600", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T14:09:29.459873Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:09:30.439Z"}}], "cna": {"title": "UltraVNC Viewer 1.2.2.4 Denial of Service via Buffer Overflow", "credits": [{"lang": "en", "type": "finder", "value": "Victor Mondrag\u00f3n"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Uvnc", "product": "UltraVNC Viewer", "versions": [{"status": "affected", "version": "1.2.2.4"}]}], "datePublic": "2019-04-14T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46702", "name": "ExploitDB-46702", "tags": ["exploit"]}, {"url": "https://www.uvnc.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/ultravnc-viewer-denial-of-service-via-buffer-overflow", "name": "VulnCheck Advisory: UltraVNC Viewer 1.2.2.4 Denial of Service via Buffer Overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:36.517Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25600", "state": "PUBLISHED", "dateUpdated": "2026-03-24T15:14:43.698Z", "dateReserved": "2026-03-22T12:59:37.342Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-22T13:38:36.517Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer."}, {"lang": "es", "value": "UltraVNC Viewer 1.2.2.4 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a los atacantes bloquear la aplicaci\u00f3n al proporcionar una cadena de caracteres excesivamente larga al campo de entrada del servidor VNC. Los atacantes pueden pegar una cadena maliciosa que contenga 256 caracteres repetidos en el campo del servidor VNC y hacer clic en Conectar para desencadenar un desbordamiento de b\u00fafer que bloquea el visor."}], "id": "CVE-2019-25600", "lastModified": "2026-04-16T16:19:50.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:27.343", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46702"}, {"source": "disclosure@vulncheck.com", "url": "https://www.uvnc.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/ultravnc-viewer-denial-of-service-via-buffer-overflow"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.2.2.4"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "UltraVNC Viewer", "source": "cna", "vendor": "Uvnc"}, "product": "ultravnc_viewer", "vendor": "uvnc"}], "analysis": {"en": {"generated_at": "2026-03-22T14:41:54.208328+00:00", "value": {"mitigation_remediation": ["Update UltraVNC Viewer to the latest available version or apply a vendor patch that fixes the buffer overflow.", "If an update is not immediately possible, restrict or disable the VNC Server input field to prevent entry of long strings beyond a safe length.", "Verify that no other applications on the system can invoke a vulnerable instance of UltraVNC Viewer."], "summary": {"action": "Patch immediately", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the UltraVNC Viewer product from UVNC, specifically version 1.2.2.4. No other versions or products are listed as affected.", "description_and_impact": "A buffer overflow occurs in UltraVNC Viewer 1.2.2.4 when a user supplies an oversized string to the VNC Server input field. The accidental or malicious input of 256 repeated characters causes the application to crash, terminating the viewer and denying service to legitimate users. The vulnerability arises from improper bounds checking of user-supplied data, a classic memory corruption weakness.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a high severity impact on availability. Although explicit exploit probability is not provided, the logic of the bug suggests that any user running the viewer can trigger the crash by simply entering a long string and clicking Connect. The lack of a CISA KEV listing and no known formal exploit in public exploits implies that the risk of exploitation is moderate, but the potential disruption to user sessions is significant. If unpatched, unattended systems may experience repeated crashes during normal operation or through social\u2011engineering attempts to insert the malicious string."}}}}, "created": "2026-03-23T09:46:19.190258+00:00", "updated": "2026-03-25T14:46:16.716886+00:00", "vendors": ["uvnc", "uvnc$PRODUCT$ultravnc_viewer"]}