CVE-2014-6054

Published: 24 September 2014

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

Priority

Medium

Status

Package Release Status
italc
Launchpad, Ubuntu, Debian
Upstream
Released (1:3.0.3+dfsg1-1+deb9u1, 1:2.0.2+dfsg1-2+deb8u1)
Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1:2.0.2+dfsg1-4ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

krfb
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [4:4.13.3-0ubuntu1.1])
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

Patches:
Upstream: http://quickgit.kde.org/?p=krfb.git&a=commit&h=126a746dd7bee35840083e9bec7a52935a010346
libvncserver
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [0.9.9+dfsg-1ubuntu1.1])
Ubuntu 12.04 ESM (Precise Pangolin)
Released (0.9.8.2-2ubuntu1.1)
Patches:
Upstream: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
Upstream: https://github.com/newsoft/libvncserver/commit/f18f24ce65f5cac22ddcf3ed51417e477f9bad09 (hardening)
Upstream: https://github.com/newsoft/libvncserver/commit/5dee1cbcd83920370a487c4fd2718aa4d3eba548
Upstream: https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e (hardening)
Upstream: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8 (hardening)