
CVE-2014-6051

Published: 30/09/2014 Updated: 23/10/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and previous versions allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.

Vulnerable Product

redhat enterprise linux server aus 6.5

redhat enterprise linux server eus 6.5.z

fedoraproject fedora 20

fedoraproject fedora 21

libvncserver libvncserver

debian debian linux 7.0

oracle solaris 11.3

Vendor Advisories

Synopsis: Moderate: libvncserver security update. Type/Severity: Security Advisory: Moderate. Topic: Updated libvncserver packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security impac ...
Several security issues were fixed in LibVNCServer ...
Debian Bug report logs - #762745 [CVE-2014-6051 to CVE-2014-6055] Multiple issues in libVNCserver. Package: libvncserver; Maintainer for libvncserver is Peter Spiess-Knafl <dev@spiessknafl.at>; Reported by: Luciano Bello <luciano@debian.org>; Date: Wed, 24 Sep 2014 21:24:02 UTC; Severity: grave; Tags: patch, security; Fi ...
Debian Bug report logs - #849479 tigervnc: CVE-2014-8240: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling. Package: src:tigervnc; Maintainer for src:tigervnc is TigerVNC Packaging Team <pkg-tigervnc-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> ...
Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in the execution of arbitrary code or denial of service in both the client and the server side. For the stable distribution (wheezy), these problems have been fixed in version 0.9.9+dfsg-1+deb7u1. For the ...
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client ...