CVE-2019-25600 HIGH

CVE-2019-25600: UltraVNC Viewer 1.2.2.4 Denial of Service via Buffer Overflow

Vendor Uvnc
Product UltraVNC Viewer
Weakness CWE-787
Published March 22, 2026
Last update March 24, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer.

Key dates

02Disclosure timeline

March 22, 2026 CVE published
March 24, 2026 Record updated