CVE-2014-6052
libvncserver < 0.9.9 - Denial of Service via Large Screen Size in FramebufferUpdate Message
Title source: llmDescription
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
References (14)
Core 14
Core References
Third Party Advisory, US Government Resource x_refsource_misc
http://www.ocert.org/advisories/ocert-2014-007.html
Permissions Required, Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61682
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
Permissions Required, Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61506
Exploit, Issue Tracking, Patch x_refsource_confirm
https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/09/25/11
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q3/639
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-2365-1
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201507-07
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70091
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3081
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4587-1/
Scores
EPSS
0.0675
EPSS Percentile
93.2%
Details
CWE
CWE-20
Status
published
Products (5)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
debian/debian_linux
7.0
libvncserver/libvncserver
< 0.9.9
oracle/solaris
11.3
Published
Dec 15, 2014
Tracked Since
Feb 18, 2026