Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2014-6052
HistorySep 24, 2014 - 12:00 a.m.

CVE-2014-6052

2014-09-2400:00:00
ubuntu.com
ubuntu.com
23

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.5%

JSON

The HandleRFBServerMessage function in libvncclient/rfbproto.c in
LibVNCServer 0.9.9 and earlier does not check certain malloc return values,
which allows remote VNC servers to cause a denial of service (application
crash) or possibly execute arbitrary code by specifying a large screen size
in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3)
PalmVNCReSizeFrameBuffer message.

Notes

Author Note
mdeslaur same patches as CVE-2014-6051 krfb is only a server, this issue is client side.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchitalc< 1:3.0.1+dfsg1-1UNKNOWN
ubuntu16.04noarchitalc< 1:2.0.2+dfsg1-4ubuntu0.1UNKNOWN
ubuntu12.04noarchlibvncserver< 0.9.8.2-2ubuntu1.1UNKNOWN
ubuntu14.04noarchlibvncserver< 0.9.9+dfsg-1ubuntu1.1UNKNOWN

Related

veracode 4
cvelist 4
debiancve 4
ubuntucve 1
prion 4
nvd 4
cve 4
nessus 25
openvas 18
securityvulns 2
debian 3
archlinux 1
gentoo 2
ubuntu 2
osv 4
redhat 2
mageia 1
freebsd 1
centos 1
fedora 4
oraclelinux 1
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:02:54
Arbitrary Code Execution
2019-05-02 05:04:38
Arbitrary Code Execution
2019-05-02 05:04:38
cvelist
cvelist
CVE-2014-6051
2014-09-30 16:00:00
CVE-2014-6052
2014-12-15 17:27:00
CVE-2014-8240
2014-10-16 19:00:00
debiancve
debiancve
CVE-2014-6051
2014-09-30 16:55:07
CVE-2014-6052
2014-12-15 18:59:04
CVE-2014-8240
2014-10-16 19:55:14
ubuntucve
ubuntucve
CVE-2014-6051
2014-09-24 00:00:00
prion
prion
Integer overflow
2014-09-30 16:55:00
Code injection
2014-12-15 18:59:00
Integer overflow
2014-10-16 19:55:00
nvd
nvd
CVE-2014-6051
2014-09-30 16:55:07
CVE-2014-6052
2014-12-15 18:59:04
CVE-2014-8240
2014-10-16 19:55:14
cve
cve
CVE-2014-6051
2014-09-30 16:55:07
CVE-2014-6052
2014-12-15 18:59:04
CVE-2014-8240
2014-10-16 19:55:14
nessus
nessus
Debian DLA-197-1 : libvncserver security update
2015-04-15 00:00:00
Mandriva Linux Security Advisory : libvncserver (MDVSA-2014:229)
2014-11-27 00:00:00
CentOS 6 / 7 : libvncserver (CESA-2014:1826)
2014-11-12 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0397)
2022-01-28 00:00:00
Gentoo Security Advisory GLSA 201507-07
2015-09-29 00:00:00
Debian: Security Advisory (DSA-3081-1)
2014-11-28 00:00:00
securityvulns
securityvulns
[oCERT-2014-007] libvncserver multiple issues
2014-09-29 00:00:00
libvncserver multiple security vulnerabilities
2014-09-29 00:00:00
debian
debian
[SECURITY] [DSA 3081-1] libvncserver security update
2014-11-29 15:21:35
[SECURITY] [DLA 197-1] libvncserver security update
2015-04-14 16:05:48
[SECURITY] [DLA 1979-1] italc security update
2019-10-30 22:21:35
archlinux
archlinux
libvncserver: remote code execution, denial of service
2014-10-24 00:00:00
gentoo
gentoo
LibVNCServer: Multiple vulnerabilities
2015-07-07 00:00:00
TigerVNC: Integer overflow
2016-12-13 00:00:00
ubuntu
ubuntu
LibVNCServer vulnerabilities
2014-09-29 00:00:00
iTALC vulnerabilities
2020-10-20 00:00:00
osv
osv
libvncserver - security update
2015-04-14 00:00:00
libvncserver - security update
2014-11-29 00:00:00
italc vulnerabilities
2020-10-20 16:35:20
redhat
redhat
(RHSA-2014:1826) Moderate: libvncserver security update
2014-11-11 00:00:00
(RHSA-2015:0113) Moderate: libvncserver security update
2015-02-02 00:00:00
mageia
mageia
Updated libvncserver & remmina packages fix security vulnerabilities
2014-10-07 13:22:51
freebsd
freebsd
libvncserver -- multiple security vulnerabilities
2014-09-23 00:00:00
centos
centos
libvncserver security update
2014-11-11 18:36:28
fedora
fedora
[SECURITY] Fedora 20 Update: libvncserver-0.9.10-0.6.20140718git9453be42.fc20
2014-09-29 04:06:45
[SECURITY] Fedora 21 Update: libvncserver-0.9.10-0.6.20140718git9453be42.fc21
2014-10-01 04:23:42
[SECURITY] Fedora 19 Update: krfb-4.11.5-4.fc19
2014-10-08 19:11:38
oraclelinux
oraclelinux
libvncserver security update
2014-11-11 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.5%

JSON
Related for UB:CVE-2014-6052
veracode4cvelist4debiancve4ubuntucve1prion4nvd4cve4nessus25openvas18securityvulns2debian3archlinux1gentoo2ubuntu2osv4redhat2mageia1freebsd1centos1fedora4oraclelinux1