CVE-2014-6054

Published: 24 September 2014

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
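
The missing check described above, as an added example that is not LibVNCServer's own code: a stand-alone handler that rejects a zero scale factor before dividing the framebuffer dimensions by it. The function and type names are hypothetical, and the 4-byte message layout (type, scale, two padding bytes) and the type numbers 8 and 15 are assumptions taken from the RFB extension definitions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed message type numbers for the two messages named in the advisory. */
#define MSG_SET_SCALE          8   /* SetScale */
#define MSG_PALMVNC_SET_SCALE 15   /* PalmVNCSetScaleFactor */

enum scale_result { SCALE_OK = 0, SCALE_SHORT_MSG, SCALE_WRONG_TYPE, SCALE_ZERO_FACTOR };

struct scaled_size { int width; int height; };

/* Hypothetical handler. msg is the raw client message:
 * byte 0 = type, byte 1 = scale factor, bytes 2-3 = padding. */
enum scale_result handle_set_scale(const uint8_t *msg, size_t len,
                                   int fb_width, int fb_height,
                                   struct scaled_size *out)
{
    if (msg == NULL || out == NULL || len < 4)
        return SCALE_SHORT_MSG;
    if (msg[0] != MSG_SET_SCALE && msg[0] != MSG_PALMVNC_SET_SCALE)
        return SCALE_WRONG_TYPE;

    uint8_t scale = msg[1];          /* client-controlled value */

    /* Without this check the integer divisions below trap (SIGFPE on
     * most platforms) and the whole server process exits. */
    if (scale == 0)
        return SCALE_ZERO_FACTOR;    /* caller should log and drop the client */

    out->width  = fb_width  / scale;
    out->height = fb_height / scale;
    return SCALE_OK;
}

int main(void)
{
    /* Constructed sample messages, not captured traffic. */
    const uint8_t half[4] = { MSG_SET_SCALE, 2, 0, 0 };
    const uint8_t zero[4] = { MSG_PALMVNC_SET_SCALE, 0, 0, 0 };
    struct scaled_size s = { 0, 0 };

    printf("scale=2 -> %d\n", handle_set_scale(half, sizeof half, 1024, 768, &s));
    printf("scaled size: %dx%d\n", s.width, s.height);
    printf("scale=0 -> %d\n", handle_set_scale(zero, sizeof zero, 1024, 768, &s));
    return 0;
}
```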

Priority

Medium

Status

Package Release Status

italc (Launchpad, Ubuntu, Debian)
bionic: Not vulnerable (code not present)
focal: Does not exist
trusty: Does not exist (trusty was needed)
upstream: Released (1:3.0.3+dfsg1-1+deb9u1, 1:2.0.2+dfsg1-2+deb8u1)
xenial: Released (1:2.0.2+dfsg1-4ubuntu0.1)

krfb (Launchpad, Ubuntu, Debian)
lucid: Does not exist
precise: Does not exist
trusty: Released (4:4.13.3-0ubuntu1.1)
upstream: Needs triage

Patches:
upstream: http://quickgit.kde.org/?p=krfb.git&a=commit&h=126a746dd7bee35840083e9bec7a52935a010346

libvncserver (Launchpad, Ubuntu, Debian)
lucid: Ignored (end of life)
precise: Released (0.9.8.2-2ubuntu1.1)
trusty: Released (0.9.9+dfsg-1ubuntu1.1)
upstream: Needs triage

Patches:
upstream: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
upstream: https://github.com/newsoft/libvncserver/commit/f18f24ce65f5cac22ddcf3ed51417e477f9bad09
upstream: https://github.com/newsoft/libvncserver/commit/5dee1cbcd83920370a487c4fd2718aa4d3eba548
upstream: https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e
upstream: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8