CVE-2014-6052

Published: 24 September 2014

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.

Priority

Medium

Status

Package Release Status
italc
Launchpad, Ubuntu, Debian
Upstream
Released (1:3.0.3+dfsg1-1+deb9u1, 1:2.0.2+dfsg1-2+deb8u1)
Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:3.0.1+dfsg1-1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1:2.0.2+dfsg1-4ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

krfb
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

libvncserver
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [0.9.9+dfsg-1ubuntu1.1])
Ubuntu 12.04 ESM (Precise Pangolin)
Released (0.9.8.2-2ubuntu1.1)
Patches:
Upstream: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
Upstream: https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812