CVE-2019-25600
Buffer Overflow in UltraVNC Viewer 1.2.2.4 Causes DoS
Publication date: 2026-03-22
Last updated on: 2026-03-22
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
| Probability | Percentile |
|---|---|
| | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ultravnc | viewer | 1.2.2.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2019-25600 is a denial of service vulnerability in UltraVNC Viewer version 1.2.2.4 and earlier. It occurs because the application does not properly handle an oversized string input in the VNC Server field, leading to a buffer overflow.
An attacker can exploit this by pasting a malicious string consisting of 256 repeated characters into the VNC Server input field and then clicking Connect. This triggers the buffer overflow, causing the UltraVNC Viewer application to crash.
How can this vulnerability impact me?:
This vulnerability can cause the UltraVNC Viewer application to crash, resulting in a denial of service. This means legitimate users will be unable to use the viewer while it is crashed.
Since the vulnerability is remotely exploitable without privileges but requires user interaction, an attacker could cause disruption by tricking a user into pasting the malicious string and connecting.
The impact is primarily on availability, with no direct impact on confidentiality or integrity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash condition on the UltraVNC Viewer application version 1.2.2.4 or earlier.
A proof-of-concept method involves creating a string of 256 repeated characters (for example, the character 'A') and pasting it into the "VNC Server" input field of the UltraVNC Viewer, then clicking Connect. If the application crashes, the vulnerability is present.
1. Create a text file containing 256 repetitions of the character 'A' (hex 0x41).
2. Copy the contents of this file to the clipboard.
3. Launch UltraVNC Viewer.
4. Paste the clipboard content into the "VNC Server" input field.
5. Click the "Connect" button and observe if the application crashes. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid using UltraVNC Viewer version 1.2.2.4 or earlier until a patch or update is available.
Do not paste or input oversized strings (such as 256 repeated characters) into the VNC Server input field.
If possible, restrict access to UltraVNC Viewer usage to trusted users and networks to reduce the risk of exploitation.
Monitor for updates or patches from the vendor and apply them as soon as they become available.