CVE-2014-6054

Published: 24 September 2014

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

Priority

Medium

Status

Package Release Status
italc
Launchpad, Ubuntu, Debian
Upstream
Released (1:3.0.3+dfsg1-1+deb9u1, 1:2.0.2+dfsg1-2+deb8u1)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:2.0.2+dfsg1-4ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
krfb
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [4:4.13.3-0ubuntu1.1])
Patches:
Upstream: http://quickgit.kde.org/?p=krfb.git&a=commit&h=126a746dd7bee35840083e9bec7a52935a010346
libvncserver
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [0.9.9+dfsg-1ubuntu1.1])
Patches:
Upstream: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
Upstream: https://github.com/newsoft/libvncserver/commit/f18f24ce65f5cac22ddcf3ed51417e477f9bad09 (hardening)
Upstream: https://github.com/newsoft/libvncserver/commit/5dee1cbcd83920370a487c4fd2718aa4d3eba548
Upstream: https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e (hardening)
Upstream: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8 (hardening)