← Back

CVE-2014-6052

nvd nist
Published: Dec 15, 2014Modified: May 6, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.

Affected (5)

Show all products
Libvncserver: Libvncserver · Oracle: Solaris · Debian: Debian Linux · Canonical: Ubuntu Linux
Libvncserver
1 product
Libvncserver
Oracle
1 product
Solaris
Debian
1 product
Debian Linux
Canonical
1 product
Ubuntu Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Libvncserver
Up to 0.9.9
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Solaris
Version 11.3
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 7.0
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (28)

Source: cve@mitre.org
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Permissions RequiredThird Party Advisory
Source: cve@mitre.org
Permissions RequiredThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party AdvisoryUS Government Resource
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
ExploitIssue TrackingPatch
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.