CVE-2019-25600

MEDIUM 6.5

UltraVNC Viewer 1.2.2.4 Denial of Service via Buffer Overflow

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

9th

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer.

CWE	CWE-787
Vendor	uvnc
Product	ultravnc viewer
Published	Mar 22, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for uvnc ultravnc viewer

Be the first to know when new medium vulnerabilities affecting uvnc ultravnc viewer are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Uvnc / UltraVNC Viewer

1.2.2.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/46702 uvnc.com: https://www.uvnc.com/ uvnc.com: https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html vulncheck.com: https://www.vulncheck.com/advisories/ultravnc-viewer-denial-of-service-via-buffer-overflow

Credits

Victor Mondragón