CVE-2014-6052
Published: 24 September 2014
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
Notes
Author | Note |
---|---|
mdeslaur | same patches as CVE-2014-6051; krfb is only a server, this issue is client side. |
Priority
Status
Package | Release | Status |
---|---|---|
italc | bionic | Released (1:3.0.1+dfsg1-1) |
italc | focal | Does not exist |
italc | trusty | Does not exist (trusty was needed) |
italc | upstream | Released (1:3.0.3+dfsg1-1+deb9u1, 1:2.0.2+dfsg1-2+deb8u1) |
italc | xenial | Released (1:2.0.2+dfsg1-4ubuntu0.1) |
krfb | lucid | Does not exist |
krfb | precise | Does not exist |
krfb | trusty | Does not exist (trusty was not-affected) |
krfb | upstream | Needs triage |
libvncserver | lucid | Ignored (end of life) |
libvncserver | precise | Released (0.9.8.2-2ubuntu1.1) |
libvncserver | trusty | Released (0.9.9+dfsg-1ubuntu1.1) |
libvncserver | upstream | Needs triage |
Patches:
- upstream: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
- upstream: https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812