CVE-2014-6052

libvncserver < 0.9.9 - Denial of Service via Large Screen Size in FramebufferUpdate Message

Title source: llm
STIX 2.1

Description

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.

References (14)

Core 14
Core References
Third Party Advisory, US Government Resource x_refsource_misc
http://www.ocert.org/advisories/ocert-2014-007.html
Permissions Required, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61682
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
Permissions Required, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61506
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/09/25/11
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q3/639
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-2365-1
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201507-07
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/70091
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3081
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4587-1/

Scores

EPSS 0.0675
EPSS Percentile 93.2%

Details

CWE
CWE-20
Status published
Products (5)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
debian/debian_linux 7.0
libvncserver/libvncserver < 0.9.9
oracle/solaris 11.3
Published Dec 15, 2014
Tracked Since Feb 18, 2026