CVE-2014-6054

Severity

43%

Complexity

86%

Confidentiality

48%

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 10 years ago

2014-10-06 14:55:00

Last updated 8 years ago

2016-12-22 02:59:00

Affected Software

Debian Linux 7.0

7.0

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

References

openSUSE-SU-2015:2207

[oss-security] 20140923 Multiple issues in libVNCserver

Mailing List, Third Party Advisory

61506

61682

DSA-3081

Third Party Advisory

http://www.ocert.org/advisories/ocert-2014-007.html

Third Party Advisory, US Government Resource

[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues

Mailing List, Third Party Advisory

70094

USN-2365-1

Third Party Advisory

https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446

Issue Tracking, Patch

[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update

GLSA-201507-07

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.