ID CVE-2014-6051
Summary Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5.z:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
  • cpe:2.3:a:libvncserver:libvncserver:*:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 23-10-2020 - 13:15)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2015:0113
rpms
  • libvncserver-0:0.9.7-7.el6_6.1
  • libvncserver-0:0.9.9-9.el7_0.1
  • libvncserver-debuginfo-0:0.9.7-7.el6_6.1
  • libvncserver-debuginfo-0:0.9.9-9.el7_0.1
  • libvncserver-devel-0:0.9.7-7.el6_6.1
  • libvncserver-devel-0:0.9.9-9.el7_0.1
  • libvncserver-0:0.9.7-7.el6_5.1
  • libvncserver-debuginfo-0:0.9.7-7.el6_5.1
  • libvncserver-devel-0:0.9.7-7.el6_5.1
refmap via4
bid 70093
confirm
debian DSA-3081
fedora
  • FEDORA-2014-11537
  • FEDORA-2014-11685
gentoo
  • GLSA-201507-07
  • GLSA-201612-36
misc http://www.ocert.org/advisories/ocert-2014-007.html
mlist
  • [debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update
  • [oss-security] 20140923 Multiple issues in libVNCserver
  • [oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues
secunia 61506
suse openSUSE-SU-2015:2207
ubuntu USN-4587-1
Last major update 23-10-2020 - 13:15
Published 30-09-2014 - 16:55
Last modified 23-10-2020 - 13:15